"auto" for Kerberos, a history
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 20 08:02:35 UTC 2020
> >> The idea (when this was written) was to at least try
> Kerberos, rather
> >> than continuing to default to NTLM only. (And on the flip side, to
> >> continue to work in the many - at the time - networks where AD was
> >> functioning only with NTLM).
> >>
> >> Andrew Bartlett
> >>
> > Why not just set the default to 'yes' and if this fails,
> fall back to NTLM, this is what 'auto' seems to mean. To me,
> 'auto' is confusing and to top it off, it doesn't seem
> > to be documented anywhere.
>
> yes means no fallback to NTLM,
>
> Should we use "disabled", "if_available", "required"
> instead of "no", "auto", "yes"?
>
> metze
>
Yes Metze, that looks/reads it way better in my opinion.
I would like to see it like this and we only need disable/required, but this looks clear to me.
-k required/yes (enforces Kerberos auth)
-k auto (when its not defined as parameter)
-k disabled/no (enforces NTLM auth)
So if you just look now at a parameter like this, its way better to read/understand.
What it does.
Way better to understand that only : -k KERBEROS
I vote for
> Should we use "disabled", "if_available", "required"
Or both as shown above.
Greetz,
Louis
More information about the samba-technical
mailing list