Never send the LM response on cached credentials
jra at samba.org
Tue Aug 29 06:16:01 GMT 2006
On Tue, Aug 29, 2006 at 03:51:36PM +1000, Andrew Bartlett wrote:
> Isn't the purpose of this to allow automatic login to websites, without
> prompting the user for a password?
> Our defaults here suck. They let users down by exposing cleartext
If you're proposing changing our defaults to remove LM, I'm ok
with that. We need feedback on the list on the impact this will
> For this new functionality, for the safety of our users, I want stronger
Fine by me.
More information about the samba-technical