PROPOSAL: deprecate plaintext password support (in SMB1) for 4.11?
Andrew Bartlett
abartlet at samba.org
Thu Sep 5 05:20:54 UTC 2019
On Thu, 2019-09-05 at 06:21 +0200, Stefan Metzmacher wrote:
> Hi Andrew,
>
> > > +1 on deprecate lanman auth and ntlmv1, but we can't
> > > remove I think until SMB1 is removed.
> >
> > OK, sorry for my late-night patch non-attachment. I think my mail
> > client even prompted me! Oops.
> >
> > I'll write up something similar for lanman auth. NTLMv1 will be with
> > us a long time due to MSCHAPv2 sadly, but I'll see about some stern
> > words.
> >
> > Thanks for the support. I agree actually decisions come a long time
> > later, after we asses the feedback. We might not even hear from real
> > users before 4.12 branches off given how long it takes folks to
> > actually start using new Samba versions.
>
> Can you do the same for the client side parameters?
See https://gitlab.com/samba-team/samba/merge_requests/770
There may be more, but this is most of the weak authentication
parameters.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190905/3d96bdf0/signature.sig>
More information about the samba-technical
mailing list