[Samba] Remove LanMan auth from the AD DC and possibly file server?
Jeremy Allison
jra at samba.org
Wed Jan 26 18:14:51 UTC 2022
On Thu, Jan 27, 2022 at 07:06:25AM +1300, Andrew Bartlett via samba wrote:
>On Wed, 2022-01-26 at 07:14 -0700, David Mulder via samba wrote:
>> On 1/26/22 6:55 AM, Patrick Goetz via samba wrote:
>> > In any case, however inappropriate it is for me to offer an
>> > opinion,
>> > maybe it's time to branch? Create a samba4-legacy branch which
>> > only
>> > gets security patches and otherwise never changes, and a samba4
>> > main
>> > branch from which old junk is ruthlessly stripped without mercy
>> > and
>> > which is updated to work with the endless Windows updates that
>> > break
>> > things in Samba
>> >
>>
>> IMHO, I'd rather move forward with the stripping without mercy, and
>> let
>> someone else do the forking if they really need legacy cruft.
>
>I agree, and the issue is the maintenance cost.
>
>We simply don't have the resources to provide even security patches to
>what will soon be such an old version, and much of the motivation is to
>avoid accidentally creating or leaving in security issues in rare
>codepaths while working on this stuff.
Yep. David and I have a background project going on
making SMB1 support a configure-time option, on by
default until our tests are converted over (but able
for OEMs and distros to set it to "off"), and then ultimately
removing it from our code. Then smbd will finally be
SMB2-only :-).
More information about the samba
mailing list