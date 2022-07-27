Don Christie (Catalyst) Credit: Kristina D.C. Hoeppner

A collaboration between CERT NZ, Catalyst and the open-source community has delivered a major update for Samba domain control software.

Samba is an open-source suite created 30 years ago and used as an active directory domain controller, usually between Linux and Windows-based systems. As such it plays a similar role to Microsoft's Active Directory, .

The update will benefit users around the world.

“CERT NZ saw the opportunity to contribute to the security of Samba, to providing a benefit for CERT NZ and others,” said Pieter Meirsman, CERT NZ's team leader of systems and security .

“The organisation is proud to support Catalyst making this software more secure for users, which enables its use as a free alternative for Windows active directory.”

CERT NZ provided funding for the Catalyst team to work on improving the a snapshot of the Heimdal Kerberos implementation, which has been included in Samba since Samba 4.0.

The update brings important new security features such as Kerberos request armouring, known as FAST. This tunnels ticket requests and replies, which might be encrypted with a weak password, inside a wrapper built with a stronger password.

Work was also done to improve the plugin interface.

The new upgrade brings Samba closer to Windows 2012 compatibility and allows the system to be updated more easily.

As Catalyst’s team works closely with Microsoft, the impact of the CERT NZ funding goes wider than the open-source community.

“We want to acknowledge work done by the wider Samba community and thank them for giving feedback," Meirsman said. "CERT NZ appreciates all the effort involved,”

Don Christie, managing director of Catalyst IT, said the company's "amazing" Samba AD team had been focused on security issues for many years.

“This work, on the open-source platform, has improved the security of its sibling proprietary platform, Microsoft AD and Azure AD and therefore the security for hundreds of millions of computer users around the world," he said.

“We're proud of the work our team has led and delighted that CERT NZ saw the critical nature of this work and has chosen to help with its funding. The benefits to Kiwis and the rest of the world are clear and should not be underestimated.”

Samba is freely available under the GNU general public license.

