kill security=share and security=server
Jeremy Allison
jra at samba.org
Thu Jan 27 14:21:51 MST 2011
On Fri, Jan 28, 2011 at 07:08:40AM +1000, Andrew Bartlett wrote:
>
> Does this still work? For which clients can you not simply specify
> 'readuser/password' and 'writeuser/password'?
>
> Can you give me an example of a working configuration (client and
> server) that actually uses this?
Indeed - we have *never* supported this on the server.
> That is why I so fully support removing this code completely. This was
> code I was scared of 10 years ago when I first did the auth rewrite, and
> still don't like. It is complex, security sensitive code, and it has so
> little hope of working fully with modern clients (Vista or above), and
> the main use case (I just want to get to my shares) has a simple
> equivalent.
>
> Having security=share force the max protocol certainly would work, but I
> think we miss an opportunity to simply remove this feature, and explain
> to our users that we wanted to have SMB2 consistently available, and not
> magically disabled by an apparently unrelated smb.conf option.
I want to remove security=share, but not by removing the option
in smb.conf, but have it silently upgrade to what it was already
doing internally anyway.
Jeremy.
More information about the samba-technical
mailing list