[PATCH] Turn off NETLOGON by default on standalone/member servers
Andrew Bartlett
abartlet at samba.org
Fri Jul 22 09:23:50 UTC 2016
On Sun, 2016-06-12 at 10:22 +0200, Volker Lendecke wrote:
> On Sun, Jun 12, 2016 at 06:37:29PM +1200, Andrew Bartlett wrote:
> > Can we change this for 4.5? I think we really should reduce our
> > attack
> > surface, and stop offering so many protocols by default.
>
> +1. Can we make that a compile-time option such that the NETLOGON
> code is not even built if all an OEM wants is a file server?
>
> Volker
Just a heads-up that I plan on acting on this +1. I may not get to the
build options part, but I will smoke test this with a windows client
and propose this before 4.5, as there were no objections that I can
find, just ideas about how we can go further.
I'll come back with a patch that applies based on the one I offered for
4.2 for review.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list