[linux-cifs-client] Re: No legacy mount possible at all,
ANYMORE - the kernel option CONFIG_CIFS_WEAK_PW_HASH
Steve French (smfltc)
smfltc at us.ibm.com
Mon Mar 17 00:44:19 GMT 2008
> enable CONFIG_CIFS_WEAK_PW_HASH by default upstream
I don't mind this much - but remember supporting lanman has security
implications for the network (not just one machine) if root does not control
who mounts (ie user mounts allowed). Security is an important enough
consideration that I wanted to make it a conscious decision to enable
weaker security at compile time not just at run time (either via
/proc or via "sec=" mount option). I think it does make sense
for general purpose distros to always enable the CONFIG_CIFS_WEAK_PW_HASH
compile time configure option.
More information about the linux-cifs-client
mailing list