Gerald (Jerry) Carter jerry at
Thu Sep 27 13:49:03 GMT 2001

Here's how the discussion stands so far.

  * more secure and is the recommended configuration

  * will break new samba installations by default

No one disagrees that everyone should be running
encrypted passwords.  But I don't see people
screaming that your very first apache server should have
mod_ssl installed before you are even sure if the thing

My sole point (and I will stop saying it after this) is
that configuring Samba is hard enough without adding this
default.  If it is security we want, then let's add

	lanman auth = no
	min protocol = NT1

That will kill off all lanman hashes and DOS clients
(including Windows 9x).  What do people think about that?

I'm being absurd here of course.  In this case the default
value is not about security.  It is about helping a new admin
gain the confidence of a working server before moving onto more
complicated things.  After you've done it once or twice,
you can start with "encrypt passwords = yes".  I just think it
is a really bad idea from a support perspective, to make it the

Of course, **if** we decide to do this, it will only be possible
in 3.0.

cheers, jerry
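The three smb.conf settings discussed in this message (encrypt passwords, lanman auth, min protocol) can be checked mechanically. The following is an added example, not code from the message or from the Samba project: it parses an smb.conf, normalizes parameter names the way Samba does (case-insensitive, whitespace-collapsed), applies assumed Samba 2.2-era defaults for any parameter that is not set, and reports which of the three is still at its weak value. The default values in ASSUMED_DEFAULTS and the sample configuration are assumptions constructed for the example.

```python
"""Audit an smb.conf for the password-security settings discussed above.

Added example. The defaults below are assumed Samba 2.2-era values
(encrypt passwords = no, lanman auth = yes, min protocol = CORE); they are
assumptions for this example, not taken from the message.
"""
import re

# Assumed defaults applied when [global] does not set the parameter (assumption).
ASSUMED_DEFAULTS = {
    "encrypt passwords": "no",
    "lanman auth": "yes",
    "min protocol": "CORE",
}

# Constructed sample smb.conf: encryption explicitly off, the other two
# parameters left at their (assumed) defaults.
SAMPLE_SMB_CONF = """\
# constructed sample, not a real configuration
[global]
   workgroup = EXAMPLE
   Encrypt Passwords = No
   server string = Samba %v
   ; lanman auth and min protocol deliberately not set

[homes]
   browseable = no
"""

# Samba accepts these spellings for a true boolean parameter.
TRUE_VALUES = ("yes", "true", "1")


def parse_smb_conf(text):
    """Return {section: {param: value}}; section and parameter names are
    lower-cased and internal whitespace in parameter names is collapsed."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank lines and comments
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue                          # ignore junk before any section
        key, value = line.split("=", 1)
        key = " ".join(key.lower().split())
        sections[current][key] = value.strip()
    return sections


def effective(sections, param):
    """Value of a global parameter, falling back to the assumed default."""
    return sections.get("global", {}).get(param, ASSUMED_DEFAULTS[param])


def audit(text):
    """Return a list of findings; an empty list means all three settings
    are at the hardened values discussed in the message."""
    sections = parse_smb_conf(text)
    findings = []
    if effective(sections, "encrypt passwords").lower() not in TRUE_VALUES:
        findings.append("encrypt passwords is off: clients send plaintext passwords")
    if effective(sections, "lanman auth").lower() in TRUE_VALUES:
        findings.append("lanman auth is on: LM hashes are accepted")
    if effective(sections, "min protocol").upper() != "NT1":
        findings.append("min protocol below NT1: pre-NT dialects are accepted")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB_CONF) or ["no weak settings found"]:
        print(finding)
```

Running it on the constructed sample reports all three weak settings; a [global] section with encrypt passwords = yes, lanman auth = no and min protocol = NT1 produces no findings.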
