Disabling LM authentication
Steve Langasek
vorlon at netexpress.net
Mon Nov 27 19:12:45 GMT 2000
On Mon, 27 Nov 2000, Gerald Carter wrote:
> > Support for some of these options (and notes to
> > indicate what matches to what in configuration files,
> > or even better using the same numbers) would greatly
> > enhance a network's security.
> > (Even just allowing the removal of LM passwords
> > from the system would benefit system security, if it
> > is known no Win9X clients intend to connect)
> To disable lanman auth, you should be able to just change
> the LanMan password hash field in smbpasswd to
> 'XXXXX...' (32 X's) but leave the NT Hash intact.
However, this would not prevent the client from attempting to negotiate lanman
auth, or the server from accepting them; it would just mean that the client
would be denied access. Depending on where your security concerns lie
(sniffing vs. brute-forcing), removing the LanMan passwords from the smbpasswd
database may not provide any security improvement.
Steve Langasek
postmodern programmer
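
The following is an added example, not part of the original message and not Samba code: a small Python audit that reports which smbpasswd entries still store a LanMan hash and which have neither hash usable. It assumes the colon-separated smbpasswd layout (name:uid:LM hash:NT hash:flags:last-change); the function names and sample entries are constructed for illustration.

```python
import re

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
LM_DISABLED = "X" * 32  # the 32 X's described in the thread


def classify(field):
    """Return 'disabled', 'hash' or 'other' for one smbpasswd hash field."""
    if field == LM_DISABLED:
        return "disabled"
    if HEX32.fullmatch(field):
        return "hash"
    return "other"


def audit_smbpasswd(text):
    """Return {username: (lm_state, nt_state)} for each account line."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            continue  # not an account entry
        name, _uid, lm, nt = parts[:4]
        report[name] = (classify(lm), classify(nt))
    return report


def lm_still_present(report):
    """Accounts whose LanMan hash field still holds a real hash."""
    return sorted(n for n, (lm, _nt) in report.items() if lm == "hash")


def no_usable_hash(report):
    """Accounts where neither field holds a hash (NT hash was not left intact)."""
    return sorted(n for n, (lm, nt) in report.items()
                  if lm != "hash" and nt != "hash")


# Constructed sample entries; the hash values are placeholders, not real hashes.
SAMPLE = """\
alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-00000000:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-00000000:
carol:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
"""

if __name__ == "__main__":
    rep = audit_smbpasswd(SAMPLE)
    print("LM hash still stored:", lm_still_present(rep))
    print("No usable hash:", no_usable_hash(rep))
```

The audit covers only what is stored in the file; as the reply above notes, it says nothing about whether LanMan authentication is still negotiated on the wire.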