Thu Apr 7 16:23:24 GMT 2005

On Wed, 6 Apr 2005, Andrew Tridgell wrote:

> Richard,
>  > This change allows us to fall back to authenticating without
>  > DCERPC_SCHANNEL_128 if we fail. Thus, it allows us to work with Windows
>  > NT DCs ...
> Could you explain in what situation this is needed? What specific
> setup and set of calls is triggering this?

OK, we have had lots of additional discussion about this, and I have
concluded that the approach I took was wrong, because I made the code make
a policy decision about security when that should be in the hands of
administrators (if we even need to take that approach, that is).

The code should not be falling back to a less secure method of
authentication unless the administrator has requested that it do so.

> The reason I ask is that your patch makes the test suite testing of
> whether 128 bit schannel works completely useless.

Can you tell me how to run that test?

Richard Sharpe, rsharpe[at], rsharpe[at]

