kill security=share and security=server

Jeremy Allison jra at samba.org
Thu Jan 27 14:21:51 MST 2011


On Fri, Jan 28, 2011 at 07:08:40AM +1000, Andrew Bartlett wrote:
> 
> Does this still work?  For which clients can you not simply specify
> 'readuser/password' and 'writeuser/password'?  
>
> Can you give me an example of a working configuration (client and
> server) that actually uses this?

Indeed - we have *never* supported this on the server.

> That is why I so fully support removing this code completely.  This was
> code I was scared of 10 years ago when I first did the auth rewrite, and
> still don't like.  It is complex, security sensitive code, and it has so
> little hope of working fully with modern clients (Vista or above), and
> the main use case (I just want to get to my shares) has a simple
> equivalent. 
> 
> Having security=share force the max protocol certainly would work, but I
> think we miss an opportunity to simply remove this feature, and explain
> to our users that we wanted to have SMB2 consistently available, and not
> magically disabled by an apparently unrelated smb.conf option. 

I want to remove security=share, but not by removing the option
in smb.conf, but have it silently upgrade to what it was already
doing internally anyway.

Jeremy.

