Summary of [Re: Default encrypted passwords = yes?]

Gerald (Jerry) Carter jerry at samba.org
Thu Sep 27 14:25:02 GMT 2001


As Shirish has suggested, a wizard-type install script
which gathered information from the admin to create a customized default
smb.conf for their server would remove my concerns. :-)

Anyone?  Anyone?





jerry


On Thu, 27 Sep 2001, Gerald (Jerry) Carter wrote:

> Here's how the discussion stands so far.
>
> Pros
> ----
>   * more secure and is the recommended configuration
>
> cons
> ----
>   * will break new samba installations by default
>
>
> No one disagrees that everyone should be running
> encrypted passwords.  But I don't see people
> screaming that your very first apache server should have
> mod_ssl installed before you are even sure if the thing
> works.
>
> My sole point (and I will stop saying it after this) is
> that configuring Samba is hard enough without adding this
> default.  If it is security we want, then let's add
>
> 	lanman auth = no
> 	min protocol = NT1
>
> That will kill off all lanman hashes and DOS clients
> (including Windows 9x).  What do people think about that?
>
> I'm being absurd here of course.  In this case the default
> value is not about security.  It is about helping a new admin
> gain the confidence of a working server before moving onto more
> complicated things.  After you've done it once or twice,
> you can start with "encrypt passwords = yes".  I just think it
> is a really bad idea from a support perspective, to make it the
> default.
>
> Of course, **if** we decide to do this, it will only be possible
> in 3.0.
>
>
>
>
>
> cheers, jerry
>  ---------------------------------------------------------------------
>  www.samba.org              SAMBA Team              jerry_at_samba.org
>  www.plainjoe.org                                jerry_at_plainjoe.org
>  --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
>
>

-- 
 ---------------------------------------------------------------------
 www.samba.org              SAMBA Team              jerry_at_samba.org
 www.plainjoe.org                                jerry_at_plainjoe.org
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--





