[Samba] how to disable RC4 in samba
Andrew Bartlett
abartlet at samba.org
Thu May 3 08:44:08 UTC 2018
On Thu, 2018-05-03 at 14:41 +0800, ryanyang51--- via samba wrote:
> Hello,
> I find that samba support several encrypt method. Iwant to disable RC4, where can I set it? My samba version is 4.5.16.
> Thanks.
No, this isn't possible. At best you could remove the use of arcfour-
hmac-md4 from Kerberos and RC4 from netlogon.
For netlogon, set 'reject md5 clients = yes'
For kerberos, see the krb5.conf
The rest as listed here can't be directly controlled, particularly in
your older version:
https://gitlab.com/catalyst-samba/samba-docs/wikis/cryptography/what-pa
rts-of-samba-use-cryptography-and-what-algorithms-are-used
Samba 4.7 supports 'ntlm auth = disabled' which will block some more of
these indirectly however.
I hope this helps. If you can explain your use case it will assist me
in helping you further.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list