Looks like there is no way to force Kerberos Auth with Samba?

Jeremy Allison jra at samba.org
Tue Aug 27 21:24:16 MDT 2013


On Wed, Aug 28, 2013 at 01:02:19PM +1200, Andrew Bartlett wrote:
> On Tue, 2013-08-27 at 20:58 -0400, simo wrote:
> > On Tue, 2013-08-27 at 16:37 -0700, Richard Sharpe wrote:
> > > Hi folks,
> > > 
> > > While LANMan auth is off by default in 3.6.x and above, at least, and
> > > we can turn off NTLM auth, it does not look like we can turn off
> > > NTLMv2 auth without code changes.
> > > 
> > > Does this sound correct?
> > 
> > I do not recall such an option, and it is not easy to find any spot in
> > the code that would cause ntlmssp to be disabled, no.
> 
> Correct, there isn't an intentional option for this, yet.  It is
> interesting that we have got to the point that kerberos-only is a
> serious thing that folks want.  I've wanted such a day for a long time
> (DIE, NTLM, DIE! ;-)

Shouldn't be too hard to add I think. After all it's
just bailing out if we don't take the krb5 auth path..

Jeremy.


More information about the samba-technical mailing list