From 5cd3d3f14ef56ff5f1d92aba0174649f3d368f66 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <ab@samba.org>
Date: Thu, 27 Mar 2003 15:27:19 +0000
Subject: Add new framework for smb.conf(5). Please read README before trying
 to compile. I will commit more meta-information updates during week-end.
 (This used to be commit 8d684dffab6a90b3d612a1aa2b2c457a2bc2e6ac)

---
 .../smbdotconf/security/updateencrypted.xml        | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 docs/docbook/smbdotconf/security/updateencrypted.xml

(limited to 'docs/docbook/smbdotconf/security/updateencrypted.xml')

diff --git a/docs/docbook/smbdotconf/security/updateencrypted.xml b/docs/docbook/smbdotconf/security/updateencrypted.xml
new file mode 100644
index 0000000000..45c66e0de2
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/updateencrypted.xml
@@ -0,0 +1,28 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+		<term><anchor id="UPDATEENCRYPTED"/>update encrypted (G)</term>
+		<listitem><para>This boolean parameter allows a user logging 
+		on with a plaintext password to have their encrypted (hashed) 
+		password in the smbpasswd file to be updated automatically as 
+		they log on. This option allows a site to migrate from plaintext 
+		password authentication (users authenticate with plaintext 
+		password over the wire, and are checked against a UNIX account 
+		database) to encrypted password authentication (the SMB 
+		challenge/response authentication mechanism) without forcing
+		all users to re-enter their passwords via smbpasswd at the time the
+		change is made. This is a convenience option to allow the change over
+		to encrypted passwords to be made over a longer period. Once all users
+		have encrypted representations of their passwords in the smbpasswd
+		file this parameter should be set to <constant>no</constant>.</para>
+
+		<para>In order for this parameter to work correctly the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypt passwords</parameter>
+		</link> parameter must be set to <constant>no</constant> when
+		this parameter is set to <constant>yes</constant>.</para>
+
+		<para>Note that even when this parameter is set a user 
+		authenticating to <command moreinfo="none">smbd</command> must still enter a valid 
+		password in order to connect correctly, and to update their hashed 
+		(smbpasswd) passwords.</para>
+
+  		<para>Default: <command moreinfo="none">update encrypted = no</command></para>
+		</listitem>
+		</samba:parameter>
-- 
cgit