Never send the LM response on cached credentials

Jeremy Allison jra at
Tue Aug 29 06:16:01 GMT 2006

On Tue, Aug 29, 2006 at 03:51:36PM +1000, Andrew Bartlett wrote:
> Isn't the purpose of this to allow automatic login to websites, without
> prompting the user for a password?


> Our defaults here suck.  They let users down by exposing cleartext
> passwords.  

If you're proposing changing our defaults to remove LM, I'm ok
with that. We need feedback on the list on the impact this will

> For this new functionality, for the safety of our users, I want stronger
> defaults.

Fine by me.


More information about the samba-technical mailing list