"auto" for Kerberos, a history

L.P.H. van Belle belle at bazuin.nl
Thu Aug 20 08:02:35 UTC 2020

> >> The idea (when this was written) was to at least try 
> Kerberos, rather
> >> than continuing to default to NTLM only.  (And on the flip side, to
> >> continue to work in the many - at the time - networks where AD was
> >> functioning only with NTLM).
> >>
> >> Andrew Bartlett
> >>
> > Why not just set the default to 'yes' and if this fails, 
> fall back to NTLM, this is what 'auto' seems to mean. To me, 
> 'auto' is confusing and to top it off, it doesn't seem
> > to be documented anywhere.
> yes means no fallback to NTLM,
> Should we use "disabled", "if_available", "required"
> instead of "no", "auto", "yes"?
> metze

Yes Metze, that looks/reads it way better in my opinion.

I would like to see it like this and we only need disable/required, but this looks clear to me. 

-k required/yes  (enforces Kerberos auth) 
-k auto 	     (when its not defined as parameter)
-k disabled/no   (enforces NTLM auth) 

So if you just look now at a parameter like this, its way better to read/understand.
What it does. 
Way better to understand that only : -k KERBEROS

I vote for
> Should we use "disabled", "if_available", "required"
Or both as shown above. 



More information about the samba-technical mailing list