Default encrypted passwords = yes?

James Nord teilo at cdt.luth.se
Thu Sep 27 07:08:03 GMT 2001


Gerald Carter wrote:

>On Thu, 27 Sep 2001, Andrew Bartlett wrote:
>
>>Is there any reason not to make encrypted passwords the default in HEAD?
>>
>>It would seem that there is very little that samba can do without
>>encrypted passwords, including anything that even mentions an NT
>>domain.
>>
>>I notice this because I have to test in with both settings, and I'm
>>always forgetting to turn it back on.  I can imagine the annoyance
>>this must be to a new admin...
>>
>I would vote against it.  Will add one more step to getting a
>simple working file server up for testing purposes.
>
>I do agree that enabling encrypted passwords is the recommended,
>and sometimes required, configuration, but I would not make it the
>default.
>
well just my 2cents...

I have just finished giving a lecture about security in system 
administration.  One of the things I said to the students was the following
    "If it uses unencrypted passwords over the network get rid of it and 
replace it with an encrypted equivalent"
Any option that makes any program less secure should always be disabled. 
 Although this only applies to smbclient...

/James

--  
Technology is a word that describes something that doesn't work yet.
	Douglas Adams








More information about the samba-technical mailing list