Deprecate SMBv1 options and NT4-like domains for Samba 4.13?
Andrew Bartlett
abartlet at samba.org
Wed Jul 1 03:19:19 UTC 2020
Samba 4.13 freezes soon, so I wanted to again propose adding things to
the deprecated list.
Yes, we add things to this list far faster then we remove the options,
but the job for anyone wishing to remove features starts with this
point, marking and announcing to our users that we are not going to
keep every Samba option and feature forever.
So I present to you this MR:
https://gitlab.com/samba-team/samba/-/merge_requests/1398
No code is removed of course, and of course we are not going to remove
code that FreeIPA needs, but even in between all that I think this is
worth doing.
(pdb_ldap is not impacted, I've dropped those references compared to my
earlier MR)
Parameter Name Description Default
-------------- ----------- ------
domain logons Deprecated no
raw NTLMv2 auth Deprecated no
client plaintext auth Deprecated no
client NTLMv2 auth Deprecated yes
client lanman auth Deprecated no
client use spnego Deprecated yes
If I get time I also hope to fold the only-used-by-attackers LMv2 into
"raw NTLMv2 auth", so we can remove both in 4.14.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list