svn commit: samba r25050 - in branches/SAMBA_3_2_0/source/param: .
abartlet at samba.org
abartlet at samba.org
Mon Sep 10 02:49:58 GMT 2007
Author: abartlet
Date: 2007-09-10 02:49:57 +0000 (Mon, 10 Sep 2007)
New Revision: 25050
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25050
Log:
Merge new, stricter NTLM password security requirements into Samba 3.2.0
As a client, we no longer send plaintext or LM responses, unless
reconfigured.
As a server, we no longer accept LM responses (encrypt passwords = yes
has been set for a while), unless reconfigured.
Andrew Bartlett
Modified:
branches/SAMBA_3_2_0/source/param/loadparm.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/param/loadparm.c
===================================================================
--- branches/SAMBA_3_2_0/source/param/loadparm.c 2007-09-10 02:14:18 UTC (rev 25049)
+++ branches/SAMBA_3_2_0/source/param/loadparm.c 2007-09-10 02:49:57 UTC (rev 25050)
@@ -1580,10 +1580,10 @@
Globals.bStatCache = True; /* use stat cache by default */
Globals.iMaxStatCacheSize = 1024; /* one Meg by default. */
Globals.restrict_anonymous = 0;
- Globals.bClientLanManAuth = True; /* Do use the LanMan hash if it is available */
- Globals.bClientPlaintextAuth = True; /* Do use a plaintext password if is requested by the server */
- Globals.bLanmanAuth = True; /* Do use the LanMan hash if it is available */
- Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is available (otherwise NTLMv2) */
+ Globals.bClientLanManAuth = False; /* Do NOT use the LanMan hash if it is available */
+ Globals.bClientPlaintextAuth = False; /* Do NOT use a plaintext password even if is requested by the server */
+ Globals.bLanmanAuth = False; /* Do NOT use the LanMan hash, even if it is supplied */
+ Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
Globals.bClientNTLMv2Auth = False; /* Client should not use NTLMv2, as we can't tell that the server supports it. */
/* Note, that we will use NTLM2 session security (which is different), if it is available */
More information about the samba-cvs
mailing list