[Samba] getting rid of lmhashes?
Gerald (Jerry) Carter
jerry at samba.org
Tue Mar 7 13:00:52 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Bartlett wrote:
>> The only thing about the original patch that made me go
>> ughh was the new parameter. Can we piggy back this off
>> an existing setting somehow? Perhaps 'lanman auth = no'?
>
> That would be reasonable, and has pro's and cons:
>
> - The admin probably expects that 'lanman auth = no'
> prevents any work (storage and authentication) with
> the LM hash
>
> - But this prevents the admin from storing the hash
> for the future, in case he has to back out of the
> security upgrade (finds win9X machines back on
> the network).
Since it would only affect users who had changed their
password, I think that's ok. Unless anyone has violent
objections I'll make the smake change to Mark's patch
and get it in for 3.0.22.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEDYQEIR7qMdg1EfYRAszqAJ97E6TmVbzxRXiftmp6xisYt8KApwCdHUPn
KFsv+iCIvdHVnRdBxhN5xxA=
=01Fo
-----END PGP SIGNATURE-----
More information about the samba
mailing list