"auto" for Kerberos, a history
Andrew Bartlett
abartlet at samba.org
Thu Aug 20 08:31:41 UTC 2020
On Thu, 2020-08-20 at 20:19 +1200, Andrew Bartlett via samba-technical
wrote:
> On Thu, 2020-08-20 at 08:53 +0200, Stefan Metzmacher wrote:
> >
> > yes means no fallback to NTLM,
> >
> > Should we use "disabled", "if_available", "required"
> > instead of "no", "auto", "yes"?
>
> I think this is a good idea, and consistent (shock!) with the
> smb.conf
> options. As you know we already have the following synonum table,
> which covers the required backwards compatibility:
>
> /* SMB signing types. */
> static const struct enum_list enum_smb_signing_vals[] = {
> {SMB_SIGNING_DEFAULT, "default"},
> {SMB_SIGNING_OFF, "No"},
> {SMB_SIGNING_OFF, "False"},
> {SMB_SIGNING_OFF, "0"},
> {SMB_SIGNING_OFF, "Off"},
> {SMB_SIGNING_OFF, "disabled"},
> {SMB_SIGNING_IF_REQUIRED, "if_required"},
> {SMB_SIGNING_IF_REQUIRED, "Yes"},
> {SMB_SIGNING_IF_REQUIRED, "True"},
> {SMB_SIGNING_IF_REQUIRED, "1"},
> {SMB_SIGNING_IF_REQUIRED, "On"},
> {SMB_SIGNING_IF_REQUIRED, "enabled"},
> {SMB_SIGNING_IF_REQUIRED, "auto"},
> {SMB_SIGNING_DESIRED, "desired"},
> {SMB_SIGNING_REQUIRED, "required"},
> {SMB_SIGNING_REQUIRED, "mandatory"},
> {SMB_SIGNING_REQUIRED, "force"},
> {SMB_SIGNING_REQUIRED, "forced"},
> {SMB_SIGNING_REQUIRED, "enforced"},
> {-1, NULL}
> };
Drat. Yes means different things between this table and what we have
meant for Kerberos. :-(
I would still like a common table.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list