summaryrefslogtreecommitdiff
path: root/docs/smbdotconf
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-12-23 02:18:53 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:46:09 -0500
commitf8bbfee117102e3ad8020c86a289a3f5b9dad7b3 (patch)
tree6f03a0fa8e1b19148eb51120059fb263efa21fa1 /docs/smbdotconf
parentac612fd511bb99b1336e3b4a4ef6d183f1d7e037 (diff)
downloadsamba-f8bbfee117102e3ad8020c86a289a3f5b9dad7b3.tar.gz
samba-f8bbfee117102e3ad8020c86a289a3f5b9dad7b3.tar.bz2
samba-f8bbfee117102e3ad8020c86a289a3f5b9dad7b3.zip
Clarify that turning off lanman authentiation applies to password
changes as well. Andrew Bartlett (This used to be commit 09c4ae5d0b97f94a514fc587412fca2f8d0246a3)
Diffstat (limited to 'docs/smbdotconf')
-rw-r--r--docs/smbdotconf/security/lanmanauth.xml12
1 files changed, 7 insertions, 5 deletions
diff --git a/docs/smbdotconf/security/lanmanauth.xml b/docs/smbdotconf/security/lanmanauth.xml
index dba8d6f975..15265e7fb6 100644
--- a/docs/smbdotconf/security/lanmanauth.xml
+++ b/docs/smbdotconf/security/lanmanauth.xml
@@ -5,14 +5,16 @@
xmlns:samba="http://samba.org/common">
<description>
<para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users
+ <manvolnum>8</manvolnum></citerefentry> will attempt to
+ authenticate users or permit password changes
using the LANMAN password hash. If disabled, only clients which support NT
- password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not
- Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para>
+ password hashes (e.g. Windows NT/2000 clients, smbclient, but not
+ Windows 95/98 or the MS DOS network client) will be able to
+ connect to the Samba host.</para>
<para>The LANMAN encrypted response is easily broken, due to it's
case-insensitive nature, and the choice of algorithm. Servers
- without Windows 95/98 or MS DOS clients are advised to disable
+ without Windows 95/98/ME or MS DOS clients are advised to disable
this option. </para>
<para>Unlike the <command moreinfo="none">encypt
@@ -24,7 +26,7 @@
<para>If this option, and <command moreinfo="none">ntlm
auth</command> are both disabled, then only NTLMv2 logins will be
permited. Not all clients support NTLMv2, and most will require
- special configuration to us it.</para>
+ special configuration to use it.</para>
</description>
<value type="default">yes</value>