Looks like there is no way to force Kerberos Auth with Samba?
Andrew Bartlett
abartlet at samba.org
Tue Aug 27 22:03:00 MDT 2013
On Tue, 2013-08-27 at 20:32 -0700, Richard Sharpe wrote:
> On Tue, Aug 27, 2013 at 8:24 PM, Jeremy Allison <jra at samba.org> wrote:
> > On Wed, Aug 28, 2013 at 01:02:19PM +1200, Andrew Bartlett wrote:
> >> On Tue, 2013-08-27 at 20:58 -0400, simo wrote:
> >> > On Tue, 2013-08-27 at 16:37 -0700, Richard Sharpe wrote:
> >> > > Hi folks,
> >> > >
> >> > > While LANMan auth is off by default in 3.6.x and above, at least, and
> >> > > we can turn off NTLM auth, it does not look like we can turn off
> >> > > NTLMv2 auth without code changes.
> >> > >
> >> > > Does this sound correct?
> >> >
> >> > I do not recall such an option, and it is not easy to find any spot in
> >> > the code that would cause ntlmssp to be disabled, no.
> >>
> >> Correct, there isn't an intentional option for this, yet. It is
> >> interesting that we have got to the point that kerberos-only is a
> >> serious thing that folks want. I've wanted such a day for a long time
> >> (DIE, NTLM, DIE! ;-)
> >
> > Shouldn't be too hard to add I think. After all it's
> > just bailing out if we don't take the krb5 auth path..
>
> Yeah. I just wanted to verify that there was no existing way to do it.
If I had to suggest a hack, try: "auth methods = "
(that would essentially kill off the NTLM auth subsystem)
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
More information about the samba-technical
mailing list