Disabling LM authentication

Gerald Carter gcarter at valinux.com
Mon Nov 27 18:50:46 GMT 2000

David Collier-Brown wrote:
>         My comment was:
> This is a proposed defence against downgrading attack during
> protocol negotiation: it has not yet been reported as a problem,
> but I suspect that negotiating CORE with them will result in
> unsuspecting clients sending plain-text passwords.

hmmm....downgrade attacks are server based.  I'm not sure 
what this gains you.  If a client wants to send you
a list of older protocols, then that's the client's decision.

> Not to speak about our passing through rarely-tested 
> code (;-))

I could see this as an argument, but not a security risk 
really.  Am I missing something?

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list