From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 18 Dec 2023 04:14:27 +0000 (+1300)
Subject: WHATSNEW: Add entry for "samba-tool user getpassword" changes
X-Git-Tag: talloc-2.4.2~239
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a39e19dfa759c62cd59545da8ead13d2ae49e6e0;p=thirdparty%2Fsamba.git

WHATSNEW: Add entry for "samba-tool user getpassword" changes

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5131e7a9355..31468aec5be 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -61,6 +61,23 @@ virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
 to:
 virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF
 
+Group Managed service account client-side features
+--------------------------------------------------
+
+samba-tool has been extended to provide client-side support for Group
+Managed Service accounts.  These accounts have passwords that change
+automatically, giving the advantages of service isolation without risk
+of poor, unchanging passwords.
+
+Where possible, Samba's existing samba-tool password handling
+commands, which in the past have only operated against the local
+sam.ldb have been extended to permit operation against a remote server
+with authenticated access to "-H ldap://$DCNAME"
+
+Supported operations include:
+ - reading the current and previous gMSA password via
+   "samba-tool user getpassword"
+
 REMOVED FEATURES
 ================