[Samba] getting rid of lmhashes?
Andrew Bartlett
abartlet at samba.org
Fri Mar 10 22:18:43 GMT 2006
On Fri, 2006-03-03 at 17:48 -0500, Josh Kelley wrote:
> On 3/2/06, Mark Proehl <M.Proehl at science-computing.de> wrote:
> > is there a way of disabling the creation of the (insecure) lm-hash in
> > the passdb backend of a samba3-pdc?
>
> The standard way to disable LM hashes in a Microsoft shop is to
> configure the clients to not save them (Local Security Policy ->
> Security Options -> "Network security: Do not store LAN Manager hash
> value on next password change"). I don't think they even offer a
> server-side option to do so.
No, the server controls the hash generation (in almost all
circumstances), so this is a server option.
> It does seem like a useful feature for Samba.
It looks like jerry will add it, controlled by 'lanman auth = '.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060311/086469d1/attachment.bin
More information about the samba
mailing list