Different parameters in Samba 3 and Samba 4

Andrew Bartlett abartlet at samba.org
Tue Oct 21 23:10:38 GMT 2008

On Tue, 2008-10-21 at 15:10 +0200, Jelmer Vernooij wrote:
> I had a look at what parameters are only present in Samba 3 and not
> Samba 4 and the other way around. 
> Here is the list - lines with - are what's in Samba 3, + is what's in
> Samba 4.

> +	client use spnego principal = No

This is the option that I discussed a couple of months ago, but failed
to get a chance to implement for Samba3.  Setting this to 'no' in Samba4
avoids a class of kerberos man-in-the-middle attacks, and I need to work
with folks to implement this in Samba3.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081022/d3fd09fd/attachment.bin

More information about the samba-technical mailing list