PROPOSAL: deprecate plaintext password support (in SMB1) for 4.11?

Jeremy Allison jra at
Wed Sep 4 15:54:50 UTC 2019

On Wed, Sep 04, 2019 at 12:58:25PM +0200, Stefan Metzmacher via samba-technical wrote:
> Hi Andrew,
> > It is quite late for Samba 4.11 but I wondered what folks would think
> > of marking 'encrypt passwords' as deprecated so we can consider to
> > remove this code in Samba 4.12 (eg master) later this year?
> > 
> > This would dovetail with the SMB1 deprecation effort and I hope also
> > help find users who can't live without this (because SMB2 doesn't have
> > this at all).  
> > 
> > I'm unclear if this even works, given bugs like:
> >
> > 
> > If this is supported I'll polish up the attached patch and then write a
> > WHATSNEW for 4.11.
> I don't see an attached patch, but I like the idea of deprecating
> plaintext passwords,

+1 on removing the plaintext password code.

> maybe we should also deprecate lanman auth
> and ntlmv1, we may not go on and remove them before SMB1, but
> people should avoid them.
> > It doesn't commit us to doing anything in master / 4.12 (and we might
> > want to wait till closer to the end of the year for feedback), but I
> > took a stab at seeing what it might allow us to remove and this was the
> > diffstat (and there is probably more if we tried):
> For now just mark them as deprecated and defer the removal decision.

+1 on deprecate lanman auth and ntlmv1, but we can't
remove I think until SMB1 is removed.

Just my 2cents.

More information about the samba-technical mailing list