From: Gary Lockyer Date: Mon, 11 Dec 2017 21:49:05 +0000 (+1300) Subject: WHATSNEW: Encrypted secrets X-Git-Tag: talloc-2.1.11~155 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=142060d06f329adaa96a539b130ff2659f0d8110;p=thirdparty%2Fsamba.git WHATSNEW: Encrypted secrets Document the encrypted secrets feature in WHATSNEW.txt Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Dec 18 04:36:19 CET 2017 on sn-devel-144 --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 257e087e3aa..9bcd03c098b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -51,6 +51,39 @@ This can be set with the following settings: 'mdns name = mdns' +Encrypted secrets +================= +Attributes deemed to be sensitive are now encrypted on disk. The sensitive +values are currently: + pekList + msDS-ExecuteScriptPassword + currentValue + dBCSPwd + initialAuthIncoming + initialAuthOutgoing + lmPwdHistory + ntPwdHistory + priorValue + supplementalCredentials + trustAuthIncoming + trustAuthOutgoing + unicodePwd + clearTextPassword + +This encryption is enabled by default on a new provision or join, it +can be disabled at provision or join time with the new option +--plaintext-secrets. + +However, an in-place upgrade will not encrypt the database. + +Once encrypted, it is not possible to do an in-place downgrade (eg to +4.7) of the database. To obtain an unencrypted copy of the database a +new DC join should be performed, specifying the --plaintext-secrets +option. + +The key file "encrypted_secrets.key" is created in the same directory +as the database and should NEVER be disclosed. It is included by the +samba_backup script. smb.conf changes ================
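Review bot: The final paragraph of the hunk understates the consequence of the key-handling caveat: it says "encrypted_secrets.key" must NEVER be disclosed and that samba_backup includes it, but a backup produced by that script then holds both the encrypted database and the key that decrypts it, so the text should state that such backup archives need the same access controls as the private directory, for example by adding "Backups produced by samba_backup therefore contain the key and must be protected accordingly." Two smaller documentation points in the same hunk: "This encryption is enabled by default on a new provision or join, it can be disabled at provision or join time ..." is a comma splice and should be split into two sentences, and "eg" should read "e.g.". It would also help to say how a DC that was upgraded in place can obtain an encrypted database, since the hunk only states that an in-place upgrade does not encrypt; given that a new join encrypts by default, a sentence pointing to a fresh DC join (without --plaintext-secrets) would close that gap.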