Disable "ntlm auth" by default

Andrew Bartlett abartlet at samba.org
Fri Jul 22 09:51:17 UTC 2016


On Fri, 2016-07-22 at 11:36 +0200, Stefan Metzmacher wrote:
> Am 22.07.2016 um 11:17 schrieb Andrew Bartlett:
> > On Fri, 2016-07-22 at 10:15 +0200, Stefan Metzmacher wrote:
> > > Hi,
> > > 
> > > here're patches which change the default of the "ntlm auth"
> > > option from yes to no.
> > > 
> > > Please review and push:-)
> > 
> > The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.  This
> > needs
> > to be called out in the docs.  Ideally we would have a tri-state
> > here
> > to support this only when the MSV1_0_ALLOW_MSVCHAPV2 flag is
> > specified
> > by a client. 
> 
> I've added notes regarding "The primary user of NTLMv1 is MSCHAPv2
> for
> VPNs and 802.1x".
> 
> But I think magic regarding the MSV1_0_ALLOW_MSVCHAPV2 flag, is a
> task
> for another day.

Agreed.  It would need good tests etc, more than we can do for now, and
this is easy to spot and fix on upgrade.

> Is the attached version fine for master/4.5 now?

Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba-technical mailing list