kill security=share and security=server

TAKAHASHI Motonobu monyo at
Thu Jan 27 10:16:18 MST 2011

2011/1/27 Andrew Bartlett <abartlet at>:
>> On Wed, 2011-01-26 at 15:11 -0600, Christopher R. Hertel wrote:
>> Unfortunately, for SMB1 many people still use share-mode authentication in
>> low-level applications, such as home servers.
> Home servers are the easy case, as 'map to guest = bad user' will handle
> it very well.

One important advantage about "security = share" is to set both
read-only password and read-write password to each shares.

Some users still use "security = share" for this purpose.

The mapping will only confuse people, I think.
If you decide to remove "security = share", simply to  remove is the best.

2011/1/27 Volker Lendecke <Volker.Lendecke at>:
> On Wed, Jan 26, 2011 at 03:55:23PM -0800, Jeremy Allison wrote:
>> Ok, here's a patch to expunge SEC_SHARE from the world :-).
>> Internally maps inside loadparm.c.
>> Untested (but currently under test :-). Please comment !
> I vote against this. With a 4.0 release, yes, but not with a
> minor 3.x release.

To remove "security = share" is a big change, so I wish not to remove
it in 3.x release for SMB1, too.

2011/1/27 Andrew Bartlett <abartlet at>:
> I vote for killing security = share over SMB2

For SMB2, I agree with you.

Also I am afraid of NT4-style DC support.

TAKAHASHI Motonobu <monyo at>

More information about the samba-technical mailing list