From: Jule Anger <janger@samba.org>
Date: Thu, 27 Feb 2025 12:23:55 +0000 (+0100)
Subject: WHATSNEW: add himmelblaud
X-Git-Tag: samba-4.22.0rc4~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dac386f40950ba800cf60471b5430aef484818ec;p=thirdparty%2Fsamba.git

WHATSNEW: add himmelblaud

Signed-off-by: David Mulder <dmulder@samba.org>
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 008e45d7afe..820a8078624 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -39,6 +39,17 @@ now be configured to use TCP via the new "client netlogon ping
 protocol" parameter to enable running in environments where firewalls
 completely block port 389 or UDP traffic to domain controllers.
 
+Experimental Himmelblaud Authentication in Samba
+------------------------------------------------
+
+Samba now includes experimental support for Azure Entra ID authentication via
+`himmelblaud`, located in the `rust/` directory. This implementation provides
+basic authentication and is configured through `smb.conf`, utilizing options
+such as `realm`, `winbindd_socket_directory`, and `template_homedir`. New global
+parameters include `himmelblaud_sfa_fallback`, `himmelblaud_hello_enabled`, and
+`himmelblaud_hsm_pin_path`.
+To enable, configure Samba with `--enable-rust --with-himmelblau`.
+
 REMOVED FEATURES
 ================
 
@@ -74,6 +85,9 @@ smb.conf changes
   smb3 directory leases                   New             Auto
   vfs mkdir use tmp name                  New             Auto
   client netlogon ping protocol           New             cldap
+  himmelblaud hello enabled               New             no
+  himmelblaud hsm pin path                New             default hsm pin path
+  himmelblaud sfa fallback                New             no
   client use krb5 netlogon                Experimental    no
   reject aes netlogon servers             Experimental    no
   server reject aes schannel              Experimental    no