diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-12-23 02:18:53 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:46:09 -0500 |
commit | f8bbfee117102e3ad8020c86a289a3f5b9dad7b3 (patch) | |
tree | 6f03a0fa8e1b19148eb51120059fb263efa21fa1 /docs/smbdotconf | |
parent | ac612fd511bb99b1336e3b4a4ef6d183f1d7e037 (diff) | |
download | samba-f8bbfee117102e3ad8020c86a289a3f5b9dad7b3.tar.gz samba-f8bbfee117102e3ad8020c86a289a3f5b9dad7b3.tar.bz2 samba-f8bbfee117102e3ad8020c86a289a3f5b9dad7b3.zip |
Clarify that turning off lanman authentiation applies to password
changes as well.
Andrew Bartlett
(This used to be commit 09c4ae5d0b97f94a514fc587412fca2f8d0246a3)
Diffstat (limited to 'docs/smbdotconf')
-rw-r--r-- | docs/smbdotconf/security/lanmanauth.xml | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/docs/smbdotconf/security/lanmanauth.xml b/docs/smbdotconf/security/lanmanauth.xml index dba8d6f975..15265e7fb6 100644 --- a/docs/smbdotconf/security/lanmanauth.xml +++ b/docs/smbdotconf/security/lanmanauth.xml @@ -5,14 +5,16 @@ xmlns:samba="http://samba.org/common"> <description> <para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users + <manvolnum>8</manvolnum></citerefentry> will attempt to + authenticate users or permit password changes using the LANMAN password hash. If disabled, only clients which support NT - password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not - Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> + password hashes (e.g. Windows NT/2000 clients, smbclient, but not + Windows 95/98 or the MS DOS network client) will be able to + connect to the Samba host.</para> <para>The LANMAN encrypted response is easily broken, due to it's case-insensitive nature, and the choice of algorithm. Servers - without Windows 95/98 or MS DOS clients are advised to disable + without Windows 95/98/ME or MS DOS clients are advised to disable this option. </para> <para>Unlike the <command moreinfo="none">encypt @@ -24,7 +26,7 @@ <para>If this option, and <command moreinfo="none">ntlm auth</command> are both disabled, then only NTLMv2 logins will be permited. Not all clients support NTLMv2, and most will require - special configuration to us it.</para> + special configuration to use it.</para> </description> <value type="default">yes</value> |