[linux-cifs-client] Re: [PATCH] Add support for using server supplied principal (mic option)

Andrew Bartlett abartlet at samba.org
Tue Aug 26 01:04:43 GMT 2008

On Mon, 2008-08-25 at 20:27 -0400, Jeff Layton wrote:

> Definitely a legit question. If we can always fall back to NTLM then
> there's very little reason to ever trust the server-supplied principal.
> > The original reason we allowed this in the first place (in Samba3) was
> > that machine accounts were not permitted to do NTLM, and we needed a
> > 'way in' to Microsoft domain controllers, on broken networks.
> Is this no longer the case?

Machine accounts are now treated exactly the same as user accounts, for
these purposes.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080826/6ee111f4/attachment.bin

More information about the samba-technical mailing list