svn commit: samba r25050 - in branches/SAMBA_3_2_0/source/param: .

abartlet at samba.org abartlet at samba.org
Mon Sep 10 02:49:58 GMT 2007


Author: abartlet
Date: 2007-09-10 02:49:57 +0000 (Mon, 10 Sep 2007)
New Revision: 25050

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25050

Log:
Merge new, stricter NTLM password security requirements into Samba 3.2.0

As a client, we no longer send plaintext or LM responses, unless
reconfigured.

As a server, we no longer accept LM responses (encrypt passwords = yes
has been set for a while), unless reconfigured.

Andrew Bartlett

Modified:
   branches/SAMBA_3_2_0/source/param/loadparm.c


Changeset:
Modified: branches/SAMBA_3_2_0/source/param/loadparm.c
===================================================================
--- branches/SAMBA_3_2_0/source/param/loadparm.c	2007-09-10 02:14:18 UTC (rev 25049)
+++ branches/SAMBA_3_2_0/source/param/loadparm.c	2007-09-10 02:49:57 UTC (rev 25050)
@@ -1580,10 +1580,10 @@
 	Globals.bStatCache = True;	/* use stat cache by default */
 	Globals.iMaxStatCacheSize = 1024; /* one Meg by default. */
 	Globals.restrict_anonymous = 0;
-	Globals.bClientLanManAuth = True;	/* Do use the LanMan hash if it is available */
-	Globals.bClientPlaintextAuth = True;	/* Do use a plaintext password if is requested by the server */
-	Globals.bLanmanAuth = True;	/* Do use the LanMan hash if it is available */
-	Globals.bNTLMAuth = True;	/* Do use NTLMv1 if it is available (otherwise NTLMv2) */
+	Globals.bClientLanManAuth = False;	/* Do NOT use the LanMan hash if it is available */
+	Globals.bClientPlaintextAuth = False;	/* Do NOT use a plaintext password even if is requested by the server */
+	Globals.bLanmanAuth = False;	/* Do NOT use the LanMan hash, even if it is supplied */
+	Globals.bNTLMAuth = True;	/* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
 	Globals.bClientNTLMv2Auth = False; /* Client should not use NTLMv2, as we can't tell that the server supports it. */
 	/* Note, that we will use NTLM2 session security (which is different), if it is available */
 
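Review bot: The three defaults flipped to False in this hunk (bClientLanManAuth, bClientPlaintextAuth, bLanmanAuth) change behaviour for every existing configuration that relied on the old values, yet the revision modifies only loadparm.c. The documented defaults for these parameters should be updated in the same change, so that an administrator who hits an authentication failure after upgrading can find which setting to re-enable. Two comment nits: the bClientLanManAuth comment reads "Do NOT use the LanMan hash if it is available", where "even if it is available" would match the bLanmanAuth wording, and the bClientPlaintextAuth comment is missing a word ("even if it is requested by the server"). Also, bNTLMAuth stays True and bClientNTLMv2Auth stays False, so NTLMv1 is still accepted and still sent after this change. It would help to say in the log message that the stricter defaults cover only LM and plaintext.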


