Disabling LM authentication
David Collier-Brown
David.Collier-Brown at canada.sun.com
Mon Nov 27 12:36:07 GMT 2000
Andrew Bartlett wrote:
>
> Is it possible for samba to disable LM authentication in favor of NTLM
> or (preferably) NTLMv2 as described in
> http://support.microsoft.com/support/kb/articles/Q147/7/06.asp
If this is "NT1", then I do have a patch in to
set a lower limit on the protocol negotiated
at connect-time: see
http://samba.org/cgi-bin/samba-patches/incoming?id=176;expression=davecb;user=guest#themesg
My comment was:
This is a proposed defence against downgrading attack during
protocol negotiation: it has not yet been reported as a problem,
but I suspect that negotiating CORE with them will result in
unsuspecting clients sending plain-text passwords. Not to speak
about our passing through rarely-tested code (;-))
About the other questions, I have little idea (:-))
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list