[linux-cifs-client] Re: [PATCH] Add support for using server
supplied principal (mic option)
Andrew Bartlett
abartlet at samba.org
Tue Aug 26 01:04:43 GMT 2008
On Mon, 2008-08-25 at 20:27 -0400, Jeff Layton wrote:
> Definitely a legit question. If we can always fall back to NTLM then
> there's very little reason to ever trust the server-supplied principal.
>
> > The original reason we allowed this in the first place (in Samba3) was
> > that machine accounts were not permitted to do NTLM, and we needed a
> > 'way in' to Microsoft domain controllers, on broken networks.
>
>
> Is this no longer the case?
Machine accounts are now treated exactly the same as user accounts, for
these purposes.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080826/6ee111f4/attachment.bin
More information about the samba-technical
mailing list