Never send the LM response on cached credentials
Jeremy Allison
jra at samba.org
Tue Aug 29 06:16:01 GMT 2006
On Tue, Aug 29, 2006 at 03:51:36PM +1000, Andrew Bartlett wrote:
>
> Isn't the purpose of this to allow automatic login to websites, without
> prompting the user for a password?
Yep.
> Our defaults here suck. They let users down by exposing cleartext
> passwords.
If you're proposing changing our defaults to remove LM, I'm ok
with that. We need feedback on the list on the impact this will
have.
> For this new functionality, for the safety of our users, I want stronger
> defaults.
Fine by me.
Jeremy.