Disabling LM authentication
Gerald Carter
gcarter at valinux.com
Mon Nov 27 18:50:46 GMT 2000
David Collier-Brown wrote:
>
> http://samba.org/cgi-bin/samba-patches/incoming?id=176;expression=davecb;user=guest#themesg
>
> My comment was:
> This is a proposed defence against a downgrading attack during
> protocol negotiation: it has not yet been reported as a problem,
> but I suspect that negotiating CORE with them will result in
> unsuspecting clients sending plain-text passwords.
hmmm....downgrade attacks are server based. I'm not sure
what this gains you. If a client wants to send you
a list of older protocols, then that's the client's decision.
> Not to speak about our passing through rarely-tested
> code (;-))
I could see this as an argument, but not a security risk
really. Am I missing something?
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )