The Samba development team has announced the release of version 4.24.0rc1, which is currently in the testing phase and not recommended for general use. This release is intended to engage the community for feedback before the final version is made available. Once officially launched, Samba 4.24 is expected to deliver significant enhancements in usability, particularly in security and system performance.
Among the key features of this version is the introduction of remote password management that spans multiple identity systems, including Entra ID and Keycloak, in addition to Active Directory. This improvement allows these systems to update user passwords directly within an AD environment, minimizing the need for the Samba server to handle legacy credentials and thus enhancing security by reducing potential transmission vulnerabilities.
Another noteworthy feature is support for Kerberos PKINIT KeyTrust logons, which enables Windows Hello-style logons even when self-signed keys are employed. This flexibility is particularly beneficial in environments where official certificates are not feasible.
In terms of system performance, the new Virtual File System (VFS) module introduces the capability to manage asynchronous I/O more effectively. It allows administrators to impose limits on the speed of asynchronous operations, automatically adjusting to real-time load conditions to prevent performance bottlenecks.
Additionally, advancements in the underlying technology include enhancements to the communication with the Kerberos Key Distribution Center (KDC), which now incorporates Principal Context Attributes (PAC) to bolster authentication security. Clients are also prompted to utilize canonicalization to ensure accurate handling of usernames across domains.
For developers, the update includes two new samba-tool subcommands: `generate-csr` simplifies the creation of certificate signing requests for specific account types, while the `keytrust` command aids in managing public key details in self-signed certificates.
For those interested in exploring the new functionalities further, comprehensive documentation on the VFS module, as well as detailed release notes and the source code, are available for review.
As Samba 4.24 progresses toward its official release, users and developers are encouraged to test the candidate build and provide feedback to help refine the final version. This collaborative approach aims to ensure the robustness and security of the system before it becomes widely adopted
Among the key features of this version is the introduction of remote password management that spans multiple identity systems, including Entra ID and Keycloak, in addition to Active Directory. This improvement allows these systems to update user passwords directly within an AD environment, minimizing the need for the Samba server to handle legacy credentials and thus enhancing security by reducing potential transmission vulnerabilities.
Another noteworthy feature is support for Kerberos PKINIT KeyTrust logons, which enables Windows Hello-style logons even when self-signed keys are employed. This flexibility is particularly beneficial in environments where official certificates are not feasible.
In terms of system performance, the new Virtual File System (VFS) module introduces the capability to manage asynchronous I/O more effectively. It allows administrators to impose limits on the speed of asynchronous operations, automatically adjusting to real-time load conditions to prevent performance bottlenecks.
Additionally, advancements in the underlying technology include enhancements to the communication with the Kerberos Key Distribution Center (KDC), which now incorporates Principal Context Attributes (PAC) to bolster authentication security. Clients are also prompted to utilize canonicalization to ensure accurate handling of usernames across domains.
For developers, the update includes two new samba-tool subcommands: `generate-csr` simplifies the creation of certificate signing requests for specific account types, while the `keytrust` command aids in managing public key details in self-signed certificates.
For those interested in exploring the new functionalities further, comprehensive documentation on the VFS module, as well as detailed release notes and the source code, are available for review.
As Samba 4.24 progresses toward its official release, users and developers are encouraged to test the candidate build and provide feedback to help refine the final version. This collaborative approach aims to ensure the robustness and security of the system before it becomes widely adopted
Samba 4.24.0rc1 released
The Samba developers have released version 4.24.0rc1 for testing purposes only, which means it's not yet ready for general use. However, once officially released, it will bring significant usability boosts, including improved security and system performance. Key new features include remote password management across various identity systems and support for Windows Hello-style key-trust logons with self-signed keys. Additionally, a Virtual File System (VFS) module has been added to handle asynchronous I/O and enforce limits on rapid operations, while underlying tech improvements also enhance authentication security.
