diff options
author | Stefan Metzmacher <metze@samba.org> | 2012-05-12 12:00:00 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2012-05-15 08:18:28 +0200 |
commit | b4abd3faaf3bdcbcd24fed8325960ccdee43bea9 (patch) | |
tree | 72b6ef1be7b90ff79401843cc36efb91c5db2470 /lib/param/loadparm_server_role.c | |
parent | 053fcfef0fa680e2443a07933973f0f21624c336 (diff) | |
download | samba-b4abd3faaf3bdcbcd24fed8325960ccdee43bea9.tar.gz samba-b4abd3faaf3bdcbcd24fed8325960ccdee43bea9.tar.bz2 samba-b4abd3faaf3bdcbcd24fed8325960ccdee43bea9.zip |
s3-auth: remove "security=server" (depricated since 3.6)
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!
Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).
metze
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SERVER |
| security=server |
| |
| |
| 12 May |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
Diffstat (limited to 'lib/param/loadparm_server_role.c')
-rw-r--r-- | lib/param/loadparm_server_role.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 4ba54b9131..9ff64be046 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -73,13 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do role = ROLE_STANDALONE; switch (security) { - case SEC_SERVER: - if (domain_logons) { - DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); - } - /* this used to be considered ROLE_DOMAIN_MEMBER but that's just wrong */ - role = ROLE_STANDALONE; - break; case SEC_DOMAIN: if (domain_logons) { DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n")); @@ -157,7 +150,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security) valid = true; break; case ROLE_STANDALONE: - if (security == SEC_SERVER || security == SEC_USER) { + if (security == SEC_USER) { valid = true; } break; |