Deprecate SMBv1 options and NT4-like domains for Samba 4.13?
jra at samba.org
Wed Jul 29 19:02:54 UTC 2020
On Wed, Jul 01, 2020 at 03:19:19PM +1200, Andrew Bartlett via samba-technical wrote:
> Samba 4.13 freezes soon, so I wanted to again propose adding things to
> the deprecated list.
> Yes, we add things to this list far faster then we remove the options,
> but the job for anyone wishing to remove features starts with this
> point, marking and announcing to our users that we are not going to
> keep every Samba option and feature forever.
> So I present to you this MR:
> No code is removed of course, and of course we are not going to remove
> code that FreeIPA needs, but even in between all that I think this is
> worth doing.
> (pdb_ldap is not impacted, I've dropped those references compared to my
> earlier MR)
> Parameter Name Description Default
> -------------- ----------- ------
> domain logons Deprecated no
> raw NTLMv2 auth Deprecated no
> client plaintext auth Deprecated no
> client NTLMv2 auth Deprecated yes
> client lanman auth Deprecated no
> client use spnego Deprecated yes
> If I get time I also hope to fold the only-used-by-attackers LMv2 into
> "raw NTLMv2 auth", so we can remove both in 4.14.
Sorry for the delay, just catching up on old stuff
in my inbox :-).
That looks good to me ! It's really good to start
marking obsolete stuff as, well, obsolete :-).
Anyone else got comments ?
More information about the samba-technical