Summary of [Re: Default encrypted passwords = yes?]

Jay Ts jay at toltec.metran.cx
Thu Sep 27 15:37:02 GMT 2001


> 
> As Shirish has suggested, a wi[z]ard type install script
> which gathered information from the admin to create a customized default
> smb.conf for their server would remove my concerns. :-)
> 
> Anyone?  Anyone?

I think that is an extremely cool idea!

After reading and writing a bunch of messages on this
topic, it occurred to me that perhaps the best solution
would be to leave the functionality of smbd as-is,
and change other things in the distribution, such as:

- SWAT: have it default to encrypted passwords (if
  it doesn't already).

- sample smb.conf files, especially examples/smb.conf.default:
	include "encrypted passwords = yes"
  (in 2.2.1a, it is commented out, with a message saying not
  to enable it until after reading about this issue in the textdocs)

- documentation: make sure it is clear to new admins that
  encrypted passwords need to be used unless there are
  "legacy" Win95, WinNT or older systems on the net.

In other words, treat the older Windows versions as the exceptions,
and orient the default configuration, including documentation,
toward Windows 98/ME/2000/XP, with which a "newbie" admin is more likely
to be working at this point (or if not right now, pretty soon).
 
The idea (at least ;) is that we could have:

> > pros
> > ----
> >   * more secure and is the recommended configuration

without:

> > cons
> > ----
> >   * will break new samba installations by default

In addition, a wizard as you suggest would put the icing
on the cake, so to speak.  Or maybe we could start with
the icing and make the cake later. :-)

- Jay Ts
jayts at iname.com
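
An added example, not part of the original message or of the Samba distribution: a small audit that reports the effective password-encryption setting of an smb.conf, showing why a commented-out line in a sample file leaves a new install on the built-in default. It assumes the parameter is spelled `encrypt passwords` in smb.conf and that the built-in default in the 2.2 series is "no"; the function name and both sample configurations are constructed for illustration.

```python
import re

# Assumption: built-in default for "encrypt passwords" in Samba 2.2 is "no".
BUILTIN_DEFAULT = False
TRUE_WORDS = {"yes", "true", "1"}
FALSE_WORDS = {"no", "false", "0"}

# Constructed samples: the option commented out vs. the option enabled.
SHIPPED_STYLE = """\
[global]
   workgroup = MYGROUP
;  encrypt passwords = yes
"""
PROPOSED_STYLE = """\
[global]
   workgroup = MYGROUP
   Encrypt  Passwords = Yes
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def effective_encrypt_passwords(text, default=BUILTIN_DEFAULT):
    """Return (value, source) for 'encrypt passwords' in [global]."""
    section, value, source, pending = None, default, "built-in default", ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # continuation onto the next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank or commented out: no effect
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue                        # the option is global-only
        key, _, val = line.partition("=")
        if _norm(key) == "encryptpasswords":
            word = val.strip().lower()
            if word in TRUE_WORDS | FALSE_WORDS:
                value, source = word in TRUE_WORDS, f"line {lineno}"
    return value, source

if __name__ == "__main__":
    for name, conf in (("shipped", SHIPPED_STYLE), ("proposed", PROPOSED_STYLE)):
        print(name, effective_encrypt_passwords(conf))
```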



