Summary of [Re: Default encrypted passwords = yes?]
Gerald (Jerry) Carter
jerry at samba.org
Thu Sep 27 14:25:02 GMT 2001
As Shirish has suggested, a wiard type install script
which gathered information from the admin to create a customized default
smb.conf for their server would remove my concerns. :-)
Anyone? Anyone?
jerry
On Thu, 27 Sep 2001, Gerald (Jerry) Carter wrote:
> Here's how the discussion stands so far.
>
> Pros
> ----
> * more secure and is the recommended configuration
>
> cons
> ----
> * will break new samba installations by default
>
>
> No one disagrees that everyone should be running
> encrypted passwords. But I don't see people
> screaming that your very first apache server should have
> mod_ssl installed before you are even sure if the thing
> works.
>
> My sole point (and I will stop saying it after this) is
> that configuring Samba is hard enough without adding this
> default. It if is security we want, then lets add
>
> lanman auth = no
> mon protocol = NT1
>
> That will kill off all lanman hashes and DOS clients
> (including Windows 9x). What do people think about that?
>
> I'm being absurd here of course. In this case the default
> value is not about security. It is about helping a new admin
> gain the confidence of a working server before moving onto more
> complicated things. After you've done it once or twice,
> you can start with "encrypt passwords = yes". I just think it
> is a really bad idea from a support perspective, to make it the
> default.
>
> Of course, **if** we decide to do this, it will only be possible
> in 3.0.
>
>
>
>
>
> cheers, jerry
> ---------------------------------------------------------------------
> www.samba.org SAMBA Team jerry_at_samba.org
> www.plainjoe.org jerry_at_plainjoe.org
> --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
>
>
--
---------------------------------------------------------------------
www.samba.org SAMBA Team jerry_at_samba.org
www.plainjoe.org jerry_at_plainjoe.org
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
More information about the samba-technical
mailing list