Disable "ntlm auth" by default
Andrew Bartlett
abartlet at samba.org
Fri Jul 22 09:17:30 UTC 2016
On Fri, 2016-07-22 at 10:15 +0200, Stefan Metzmacher wrote:
> Hi,
>
> here're patches which change the default of the "ntlm auth"
> option from yes to no.
>
> Please review and push:-)
The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x. This needs
to be called out in the docs. Ideally we would have a tri-state here
to support this only when the MSV1_0_ALLOW_MSVCHAPV2 flag is specified
by a client.
(I hate this flag on principle, because it perpetuates the use of
NTLMv1 rather than forcing MS to rev to a sane, secure VPN and 802.1x
protocol).
Otherwise, I'm fine with this.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list