From c49b32e492580f774ef7faa323e244749196027d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 1 Jun 2003 06:40:35 +0000
Subject: Update the doco on 'restrict anonymous' (note that 'guest ok' kills
 off the benifit of RA=2), explain better what 'ntlm auth' and 'lanman auth'
 do, and fix use spnego - all win2k clients use spnego.

Work on the client-side still needs to be done, but I realised that I need
to add a paramter to close off all plaintext authentication before documenting
'client lanman auth' will make any sense.

Andrew Bartlett
(This used to be commit f264846537d7aa66e7bbb71c17bf215dc23f07e2)
---
 docs/docbook/smbdotconf/security/restrictanonymous.xml | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'docs/docbook/smbdotconf/security/restrictanonymous.xml')

diff --git a/docs/docbook/smbdotconf/security/restrictanonymous.xml b/docs/docbook/smbdotconf/security/restrictanonymous.xml
index 803bc06b2b..8ec860c17e 100644
--- a/docs/docbook/smbdotconf/security/restrictanonymous.xml
+++ b/docs/docbook/smbdotconf/security/restrictanonymous.xml
@@ -19,6 +19,11 @@
     The security advantage of using restrict anonymous = 1 is dubious,
     as user and group list information can be obtained using other
     means.
+
+    The security advantage of using restrict anonymous = 2 is removed
+    by setting <link linkend="GUESTOK"><parameter moreinfo="none">guest
+    ok</parameter></link> = yes</para> on any share.
+
     </para>
 
     <para>Default: <command moreinfo="none">restrict anonymous = 0</command></para>
-- 
cgit