"auto" for Kerberos, a history
Stefan Metzmacher
metze at samba.org
Thu Aug 20 09:19:32 UTC 2020
Am 20.08.20 um 10:31 schrieb Andrew Bartlett via samba-technical:
> On Thu, 2020-08-20 at 20:19 +1200, Andrew Bartlett via samba-technical
> wrote:
>> On Thu, 2020-08-20 at 08:53 +0200, Stefan Metzmacher wrote:
>>>
>>> yes means no fallback to NTLM,
>>>
>>> Should we use "disabled", "if_available", "required"
>>> instead of "no", "auto", "yes"?
>>
>> I think this is a good idea, and consistent (shock!) with the
>> smb.conf
>> options. As you know we already have the following synonum table,
>> which covers the required backwards compatibility:
>>
>> /* SMB signing types. */
>> static const struct enum_list enum_smb_signing_vals[] = {
>> {SMB_SIGNING_DEFAULT, "default"},
>> {SMB_SIGNING_OFF, "No"},
>> {SMB_SIGNING_OFF, "False"},
>> {SMB_SIGNING_OFF, "0"},
>> {SMB_SIGNING_OFF, "Off"},
>> {SMB_SIGNING_OFF, "disabled"},
>> {SMB_SIGNING_IF_REQUIRED, "if_required"},
>> {SMB_SIGNING_IF_REQUIRED, "Yes"},
>> {SMB_SIGNING_IF_REQUIRED, "True"},
>> {SMB_SIGNING_IF_REQUIRED, "1"},
>> {SMB_SIGNING_IF_REQUIRED, "On"},
>> {SMB_SIGNING_IF_REQUIRED, "enabled"},
>> {SMB_SIGNING_IF_REQUIRED, "auto"},
>> {SMB_SIGNING_DESIRED, "desired"},
>> {SMB_SIGNING_REQUIRED, "required"},
>> {SMB_SIGNING_REQUIRED, "mandatory"},
>> {SMB_SIGNING_REQUIRED, "force"},
>> {SMB_SIGNING_REQUIRED, "forced"},
>> {SMB_SIGNING_REQUIRED, "enforced"},
>> {-1, NULL}
>> };
>
> Drat. Yes means different things between this table and what we have
> meant for Kerberos. :-(
We have a similar table for encryption now and some of the mappings
are really strange and only justified as most people want performance
instead of protection.
I don't think we need 100% compat here.
But we could use "disabled", "desired", "required" for kerberos
as the main values.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20200820/9fb9395d/signature.sig>
More information about the samba-technical
mailing list