author: Andrew Bartlett <abartlet@samba.org> 2012-09-04 08:46:06 +1000
committer: Andrew Bartlett <abartlet@samba.org> 2012-09-04 09:31:48 +1000
commit: 28499b04769ee0d310e48576b868e11c0d2b1422
tree: dc31f5264b058e10f61931a7ef6e1b3b9e85e3cf /docs-xml/smbdotconf/security/passwordserver.xml
parent: 4a52a3f48de60c79113018ca20a420dab536f46d
docs: Remove references to security=share and security=server from the smb.conf docs
Diffstat (limited to 'docs-xml/smbdotconf/security/passwordserver.xml')
-rw-r--r-- docs-xml/smbdotconf/security/passwordserver.xml 55
1 files changed, 5 insertions, 50 deletions
diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml
index ad242c4a41..18baa9bdbc 100644
--- a/docs-xml/smbdotconf/security/passwordserver.xml
+++ b/docs-xml/smbdotconf/security/passwordserver.xml
@@ -4,17 +4,16 @@
advanced="1" wizard="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>By specifying the name of another SMB server
- or Active Directory domain controller with this option,
- and using <command moreinfo="none">security = [ads|domain|server]</command>
+ <para>By specifying the name of a domain controller with this option,
+ and using <command moreinfo="none">security = [ads|domain]</command>
it is possible to get Samba
to do all its username/password validation using a specific remote server.</para>
- <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
- <constant>domain</constant> or <constant>ads</constant>, then this option
+ <para>Ideally, this option
<emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
to determine the best DC to contact dynamically, just as all other hosts in an
- AD domain do. This allows the domain to be maintained without modification to
+ AD domain do. This allows the domain to be maintained (addition
+ and removal of domain controllers) without modification to
the smb.conf file. The cryptographic protection on the authenticated RPC calls
used to verify passwords ensures that this default is safe.</para>
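Review bot: The replacement sentence "Ideally, this option should not be used" in the second paragraph is vaguer than the conditional it replaces and no longer tells the reader when setting the option is justified, while the first paragraph still opens by presenting the option as the way to validate against "a specific remote server". Consider stating the recommendation directly, for example "This option should normally be left at its default of '*'", and saying in one clause when naming a DC explicitly is expected. The added parenthetical "(addition and removal of domain controllers)" is a useful clarification and can stay as written.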
@@ -39,50 +38,6 @@
parameter <smbconfoption name="name resolve order"/> and so may resolved
by any method and order described in that parameter.</para>
- <para>If the <parameter moreinfo="none">security</parameter> parameter is
- set to <constant>server</constant>, these additional restrictions apply:</para>
-
- <itemizedlist>
- <listitem>
- <para>You may list several password servers in
- the <parameter moreinfo="none">password server</parameter> parameter, however if an
- <command moreinfo="none">smbd</command> makes a connection to a password server,
- and then the password server fails, no more users will be able
- to be authenticated from this <command moreinfo="none">smbd</command>. This is a
- restriction of the SMB/CIFS protocol when in <command moreinfo="none">security = server
- </command> mode and cannot be fixed in Samba.</para>
- </listitem>
-
- <listitem>
- <para>You will have to ensure that your users
- are able to login from the Samba server, as when in <command moreinfo="none">
- security = server</command> mode the network logon will appear to
- come from the Samba server rather than from the users workstation.</para>
- </listitem>
-
- <listitem>
- <para>The client must not select NTLMv2 authentication.</para>
- </listitem>
-
- <listitem>
- <para>The password server must be a machine capable of using
- the &quot;LM1.2X002&quot; or the &quot;NT LM 0.12&quot; protocol, and it must be in
- user level security mode.</para>
- </listitem>
-
- <listitem>
- <para>Using a password server means your UNIX box (running
- Samba) is only as secure as (a host masquerading as) your password server. <emphasis>DO NOT
- CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</emphasis>.
- </para>
- </listitem>
-
- <listitem>
- <para>Never point a Samba server at itself for password serving.
- This will cause a loop and could lock up your Samba server!</para>
- </listitem>
-
- </itemizedlist>
</description>
<related>security</related>
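Review bot: Deleting the whole itemizedlist also drops the only trust warning on this page ("only as secure as (a host masquerading as) your password server"), while the surviving context line just above the removal says password server names are looked up through "name resolve order" and "may resolved by any method". The text that remains asserts cryptographic protection only for "this default", so please either state that the authenticated RPC protection applies equally when a server is named explicitly, or keep a one-sentence caveat for that case. While touching this area, "may resolved" in the context line should read "may be resolved".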