S3 plain text to encrypted password transition

simo idra at samba.org
Wed Jul 28 09:51:17 MDT 2010 

On Wed, 2010-07-28 at 17:41 +0200, Volker Lendecke wrote:
> On Wed, Jul 28, 2010 at 11:29:39AM -0400, simo wrote:
> > No client allows the use of plain text password anymore and has been
> > that way for ages now.
> 
> Oh, smbclient does, and iirc you can still modify modern
> Windows clients to use plain text passwords.

Yes, but how many people really needs to do that at all ?

> > The other 2 features you mention are completely different as they are
> > useful today, with today's clients.
> 
> Well, I've seen very strange behaviour with modern Windows
> clients against security=share servers. So it really depends
> on the notion of "useful today".

Just for the record, I am all happy to see security = share go away.

> > I wouldn't be so hasty with nacking.
> > 
> > It is a feature I do not see any user of since win9x went away long ago
> > (and win9x already made it difficult to use plain text passwords anyway
> > IIRC).
> 
> I just know that when I accidentially broke Win98 support
> for 3.4.0 (I think) bugzilla saw 4 bug reports about that
> within VERY few weeks. I also have a customer who after an
> upgrade called us in complete agony because his production
> boxes running the DOS redirector did not work anymore,
> because "lanman auth" had been turned off by default. This
> was less than 6 months ago.

yes, but do they need password migration ?

> What is it that in the last weeks people want to cut off old
> features? James needs to modify smbtorture not to use the
> old calls anymore, you need to remove the plain text upgrade
> thing. Is there something going on behind the scenes that I
> just did not notice?

I guess you didn't notice these things are old :-)

I am not aware of any grand plan, but some of these legacy things start
getting in the way of improving code and adding features.
When devs find they are in the way and see these are things 99% of our
users do not need anyway it make sense to question if we should get rid
of them instead of trying to jump through hops to try to keep the
functionality around (which, being basically untested, means also
probably breaking it anyway).

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba-technical mailing list