From f8bbfee117102e3ad8020c86a289a3f5b9dad7b3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 23 Dec 2004 02:18:53 +0000 Subject: Clarify that turning off lanman authentiation applies to password changes as well. Andrew Bartlett (This used to be commit 09c4ae5d0b97f94a514fc587412fca2f8d0246a3) --- docs/smbdotconf/security/lanmanauth.xml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'docs/smbdotconf/security/lanmanauth.xml') diff --git a/docs/smbdotconf/security/lanmanauth.xml b/docs/smbdotconf/security/lanmanauth.xml index dba8d6f975..15265e7fb6 100644 --- a/docs/smbdotconf/security/lanmanauth.xml +++ b/docs/smbdotconf/security/lanmanauth.xml @@ -5,14 +5,16 @@ xmlns:samba="http://samba.org/common"> This parameter determines whether or not smbd - 8 will attempt to authenticate users + 8 will attempt to + authenticate users or permit password changes using the LANMAN password hash. If disabled, only clients which support NT - password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not - Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host. + password hashes (e.g. Windows NT/2000 clients, smbclient, but not + Windows 95/98 or the MS DOS network client) will be able to + connect to the Samba host. The LANMAN encrypted response is easily broken, due to it's case-insensitive nature, and the choice of algorithm. Servers - without Windows 95/98 or MS DOS clients are advised to disable + without Windows 95/98/ME or MS DOS clients are advised to disable this option. Unlike the encypt @@ -24,7 +26,7 @@ If this option, and ntlm auth are both disabled, then only NTLMv2 logins will be permited. Not all clients support NTLMv2, and most will require - special configuration to us it. + special configuration to use it. yes -- cgit