Disabling LM authentication

Gerald Carter gcarter at valinux.com
Mon Nov 27 19:33:50 GMT 2000


Steve Langasek wrote:
> 
> However, this would not prevent the client from 
> attempting to negotiate lanman auth, or the server 
> from accepting them; it would just mean that the client
> would be denied access.  Depending on where your 
> security concerns lie (sniffing vs. brute-forcing), 
> removing the LanMan passwords from the smbpasswd
> database may not provide any security improvement.

I never said it was perfect.  :-)  It only addresses
the brute forcing of lanman passwords in the event that
someone gets your smbpasswd file.

In the light of this I can see where DCB's patch would 
be useful now.  I'll talk to Jeremy and stick it in.





Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
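
The measure discussed in this message, removing the LanMan hashes from the smbpasswd database, can be checked by auditing which accounts still have one stored. The following is an added example, not part of the original message or of Samba's code. It assumes the colon-separated smbpasswd(5) layout (name:uid:LM hash:NT hash:[flags]:LCT-time:); the function name audit_lm and all sample entries are constructed for illustration.

```python
import re

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
# LM hash of the empty string: the field is populated but protects nothing.
EMPTY_LM = "AAD3B435B51404EE" * 2

# Constructed sample entries; the hex values are made up, not real hashes.
NO_HASH = "X" * 32                   # placeholder when no hash is stored
NO_PW = "NO PASSWORD" + "X" * 21     # placeholder for a null-password account
SAMPLE = "\n".join([
    "# constructed sample, not from the original post",
    f"alice:1001:{'0123456789ABCDEF' * 2}:{'FEDCBA9876543210' * 2}:[U          ]:LCT-3A22B1CE:",
    f"bob:1002:{NO_HASH}:00112233445566778899AABBCCDDEEFF:[U          ]:LCT-3A22B1CF:",
    f"carol:1003:{NO_PW}:{NO_PW}:[NU         ]:LCT-00000000:",
    f"dave:1004:{EMPTY_LM}:8899AABBCCDDEEFF0011223344556677:[U          ]:LCT-3A22B1D0:",
    "broken line without enough fields",
])


def audit_lm(text):
    """Map each account to the state of its LanMan hash field."""
    result = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            # Do not guess at malformed entries; report them for manual review.
            result[f"<line {lineno}>"] = "unparsed"
            continue
        name, lm = fields[0], fields[2]
        if not HEX32.fullmatch(lm):
            result[name] = "no-lm-hash"        # X placeholder or NO PASSWORD
        elif lm.upper() == EMPTY_LM:
            result[name] = "empty-lm-hash"
        else:
            result[name] = "lm-hash-stored"    # still exposed if the file leaks
    return result


if __name__ == "__main__":
    for account, status in audit_lm(SAMPLE).items():
        print(f"{account:10} {status}")
```

As the quoted text points out, an account reported as no-lm-hash is only protected against offline attack on the stored file; this check says nothing about what a client negotiates on the wire.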



