summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/passwordlevel.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/smbdotconf/security/passwordlevel.xml')
-rw-r--r--docs/smbdotconf/security/passwordlevel.xml49
1 files changed, 49 insertions, 0 deletions
diff --git a/docs/smbdotconf/security/passwordlevel.xml b/docs/smbdotconf/security/passwordlevel.xml
new file mode 100644
index 0000000000..d3a8137678
--- /dev/null
+++ b/docs/smbdotconf/security/passwordlevel.xml
@@ -0,0 +1,49 @@
+<samba:parameter name="password level"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>Some client/server combinations have difficulty
+ with mixed-case passwords. One offending client is Windows for
+ Workgroups, which for some reason forces passwords to upper
+ case when using the LANMAN1 protocol, but leaves them alone when
+ using COREPLUS! Another problem child is the Windows 95/98
+ family of operating systems. These clients upper case clear
+ text passwords even when NT LM 0.12 selected by the protocol
+ negotiation request/response.</para>
+
+ <para>This parameter defines the maximum number of characters
+ that may be upper case in passwords.</para>
+
+ <para>For example, say the password given was &quot;FRED&quot;. If <parameter moreinfo="none">
+ password level</parameter> is set to 1, the following combinations
+ would be tried if &quot;FRED&quot; failed:</para>
+
+ <para>&quot;Fred&quot;, &quot;fred&quot;, &quot;fRed&quot;, &quot;frEd&quot;,&quot;freD&quot;</para>
+
+ <para>If <parameter moreinfo="none">password level</parameter> was set to 2,
+ the following combinations would also be tried: </para>
+
+ <para>&quot;FRed&quot;, &quot;FrEd&quot;, &quot;FreD&quot;, &quot;fREd&quot;, &quot;fReD&quot;, &quot;frED&quot;, ..</para>
+
+ <para>And so on.</para>
+
+ <para>The higher value this parameter is set to the more likely
+ it is that a mixed case password will be matched against a single
+ case password. However, you should be aware that use of this
+ parameter reduces security and increases the time taken to
+ process a new connection.</para>
+
+ <para>A value of zero will cause only two attempts to be
+ made - the password as is and the password in all-lower case.</para>
+
+ <para>This parameter is used only when using plain-text passwords. It is
+ not at all used when encrypted passwords as in use (that is the default
+ since samba-3.0.0). Use this only when <link linkend="ENCRYPTPASSWORDS">
+ encrypt passwords = No</link>.</para>
+</description>
+
+<value type="default">0</value>
+<value type="example">4</value>
+</samba:parameter>