Depricate auth parameters in 3.6, remove in master?

Andrew Bartlett abartlet at
Thu Jan 27 19:09:05 MST 2011

I would like to remove in master (for the 4.0 release) the following
parameters, and to give our users fair warning, I would like these
marked as deprecated in 3.6:

security=share (per the discussion)
username (only part of security=share username guessing)
encrypt passwords = no
password level
update encrypted
use spnego = no
server schannel = no
auth methods
enable privileges = no
domain master = yes (when domain logons = no, ie not a DC)
null passwords = yes (the meaning of the ACB_NOPWREQ isn't what we
thought it was)

I would like to remove these in master, so that I can work to bring more
of our auth code in common, and by reducing the combinational complexity
I can better assure that the changes are well tested, and allow a
simpler long term solution. 

I would also like to deprecate the running of the smbd file server as a
domain member without winbindd running.  (It need not be providing
nsswitch, but having each connection contact the DC is very inefficient
and creates races we have to lock against etc). 

I'm not wed to any of the above, but removing these configuration
options would make it easier to merge the codebases for 4.0, which I
would like to start on again soon.  Over the next few months, we can
take feedback from our users running 3.6 about if we need to put any of
these features back, or explain better how to work around features we


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.

More information about the samba-technical mailing list