PROPOSAL: deprecate plaintext password support (in SMB1) for 4.11?
nkadel at gmail.com
Wed Sep 4 22:46:46 UTC 2019
On Wed, Sep 4, 2019 at 8:07 AM Rowland penny <rpenny at samba.org> wrote:
> Given that the default in smb.conf for 'encrypt passwords' is 'yes' and
> has been so since (at least) Samba 3.6.x, deprecating it will not change
> anything and removing it, not much more.
> In case you haven't guessed by now, I am all for the removal, who thinks
> it is a good idea to send unencrypted passwords over the lan ?
People who wanted to be able to sniff them, or comply with requests to
sniff them. They still do, and send passwords in plain text, and send
clients passwords rather than send them a way to set a password.
More information about the samba-technical