kill security=share and security=server

Andrew Bartlett abartlet at samba.org
Sat May 12 05:41:26 MDT 2012


On Sat, 2012-05-12 at 12:56 +0200, Stefan (metze) Metzmacher wrote:
> Hi,
> 
> >> Does Windows7 supports that, if not we should get rid of it.
> > 
> >> And I'd also love to get rid of security=server
> >> and auth/auth_server.c
> > 
> > Yes, please deprecate that too.  There are more users of security=server
> > (SMB servers running without IT authorization in large companies), but
> > we need to put the signal out there that this isn't the right way to
> > handle the problem, even if we renege on removing the feature in future.
> 
> Now where we removed security=share support, I think we should
> also remove security=server.
> 
> I'd like to push the following patches...

+1 From me for Samba 4.0.  What was a useful hack before we had the
tools to do domain joins properly now simply encourages problems because
of the increasing use of NTLMv2 by default.  Additionally I feel
security=server isn't appropriate with the security concerns of modern
networks. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba-technical mailing list