Disabling LM authentication

David Collier-Brown David.Collier-Brown at canada.sun.com
Mon Nov 27 12:36:07 GMT 2000


Andrew Bartlett wrote:
> 
> Is it possible for samba to disable LM authentication in favor of NTLM
> or (preferably) NTLMv2 as described in
> http://support.microsoft.com/support/kb/articles/Q147/7/06.asp

	If this is "NT1", then I do have a patch in to
	set a lower limit on the protocol negotiated
	at connect-time: see
http://samba.org/cgi-bin/samba-patches/incoming?id=176;expression=davecb;user=guest#themesg

	My comment was:
This is a proposed defence against downgrading attack during
protocol negotiation: it has not yet been reported as a problem,
but I suspect that negotiating CORE with them will result in 
unsuspecting clients sending plain-text passwords. Not to speak 
about our passing through rarely-tested code (;-))

	About the other questions, I have little idea (:-))

--dave
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com




More information about the samba-technical mailing list