PROPOSAL: deprecate plaintext password support (in SMB1) for 4.11?

Stefan Metzmacher metze at
Wed Sep 4 10:58:25 UTC 2019

Hi Andrew,

> It is quite late for Samba 4.11 but I wondered what folks would think
> of marking 'encrypt passwords' as deprecated so we can consider to
> remove this code in Samba 4.12 (eg master) later this year?
> This would dovetail with the SMB1 deprecation effort and I hope also
> help find users who can't live without this (because SMB2 doesn't have
> this at all).  
> I'm unclear if this even works, given bugs like:
> If this is supported I'll polish up the attached patch and then write a
> WHATSNEW for 4.11.

I don't see an attached patch, but I like the idea of deprecating
plaintext passwords, maybe we should also deprecate lanman auth
and ntlmv1, we may not go on and remove them before SMB1, but
people should avoid them.

> It doesn't commit us to doing anything in master / 4.12 (and we might
> want to wait till closer to the end of the year for feedback), but I
> took a stab at seeing what it might allow us to remove and this was the
> diffstat (and there is probably more if we tried):

For now just mark them as deprecated and defer the removal decision.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list