Summary of [Re: Default encrypted passwords = yes?]

Gerald (Jerry) Carter jerry at samba.org
Thu Sep 27 13:49:03 GMT 2001


Here's how the discussion stands so far.

Pros
----
  * more secure and is the recommended configuration

Cons
----
  * will break new samba installations by default


No one disagrees that everyone should be running
encrypted passwords.  But I don't see people
screaming that your very first apache server should have
mod_ssl installed before you are even sure if the thing
works.

My sole point (and I will stop saying it after this) is
that configuring Samba is hard enough without adding this
default.  It if is security we want, then lets add

	lanman auth = no
	min protocol = NT1

That will kill off all lanman hashes and DOS clients
(including Windows 9x).  What do people think about that?

I'm being absurd here of course.  In this case the default
value is not about security.  It is about helping a new admin
gain the confidence of a working server before moving onto more
complicated things.  After you've done it once or twice,
you can start with "encrypt passwords = yes".  I just think it
is a really bad idea from a support perspective, to make it the
default.

Of course, **if** we decide to do this, it will only be possible
in 3.0.

cheers, jerry
 ---------------------------------------------------------------------
 www.samba.org              SAMBA Team              jerry_at_samba.org
 www.plainjoe.org                                jerry_at_plainjoe.org
 --"I never saved anything for the swim back." Ethan Hawke in Gattaca--
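An added example, not part of Jerry's message or of Samba's own code: a
small audit script that parses an smb.conf the way Samba reads parameter
names (case, spaces and underscores ignored) and reports which of the three
settings discussed above are still at their weak value.  The assumed
2.2-era defaults (encrypt passwords = no, lanman auth = yes,
min protocol = CORE) and the two sample configs are constructed for the
example; the dialect ordering CORE < COREPLUS < LANMAN1 < LANMAN2 < NT1 is
the one the "min protocol" parameter accepts.

```python
"""Audit the [global] section of an smb.conf for the password settings
discussed in the thread: encrypt passwords, lanman auth, min protocol."""

import re

# Assumed Samba 2.2-era defaults (what a new install gets if the admin
# says nothing).  Keys are stored in Samba's normalized form.
DEFAULTS = {
    "encryptpasswords": "no",
    "lanmanauth": "yes",
    "minprotocol": "CORE",
}

# SMB dialects from oldest to newest as accepted by "min protocol".
PROTOCOL_ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"]


def normalize_key(key):
    """Samba matches parameter names ignoring case, spaces and underscores."""
    return re.sub(r"[\s_]", "", key).lower()


def parse_smb_conf(text):
    """Return {section: {normalized_key: value}} for smb.conf-style text.

    Comments start with '#' or ';'; sections are '[name]'; values are
    'key = value'.  Section names are lower-cased for lookup."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][normalize_key(key)] = value.strip()
    return sections


def is_true(value):
    """Samba boolean parsing: yes/true/1 are true, anything else false."""
    return value.strip().lower() in ("yes", "true", "1")


def audit_global(text):
    """Return a list of findings for [global]; an empty list is the hardened config."""
    glob = parse_smb_conf(text).get("global", {})
    effective = dict(DEFAULTS)
    effective.update({k: v for k, v in glob.items() if k in DEFAULTS})

    findings = []
    if not is_true(effective["encryptpasswords"]):
        findings.append("encrypt passwords = no: plaintext passwords accepted on the wire")
    if is_true(effective["lanmanauth"]):
        findings.append("lanman auth = yes: LanMan hashes accepted")
    proto = effective["minprotocol"].upper()
    if proto not in PROTOCOL_ORDER or PROTOCOL_ORDER.index(proto) < PROTOCOL_ORDER.index("NT1"):
        findings.append(f"min protocol = {proto}: pre-NT1 dialects (DOS/Win9x clients) allowed")
    return findings


# Constructed sample configs for the example (not from the original post).
NEW_ADMIN_CONF = """
[global]
   workgroup = WORKGROUP
   # password settings left at the assumed 2.2 defaults

[homes]
   browseable = no
"""

HARDENED_CONF = """
[global]
   workgroup = WORKGROUP
   encrypt passwords = yes
   lanman auth = no
   min protocol = NT1
"""

if __name__ == "__main__":
    for name, conf in (("new-admin default", NEW_ADMIN_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}:")
        for finding in audit_global(conf) or ["ok"]:
            print("  " + finding)
```

Run it against a real smb.conf by reading the file into audit_global();
the "new-admin" sample produces all three findings, the hardened one none,
which is the difference between the two defaults being argued over.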