summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/updateencrypted.xml
blob: 551f4338f641dfa72da73586d48a13715e2a815d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<samba:parameter name="update encrypted"
                 context="G"
				 type="boolean"
                 basic="1" advanced="1" developer="1"
		 xmlns:samba="http://samba.org/common">
<description>

    <para>This boolean parameter allows a user logging on with
    a plaintext password to have their encrypted (hashed) password in
    the smbpasswd file to be updated automatically as they log
    on. This option allows a site to migrate from plaintext  	
    password authentication (users authenticate with plaintext  	
    password over the wire, and are checked against a UNIX account  	
    database) to encrypted password authentication (the SMB  	
    challenge/response authentication mechanism) without forcing all
    users to re-enter their passwords via smbpasswd at the time the 	
    change is made. This is a convenience option to allow the change
    over to encrypted passwords to be made over a longer period.
    Once all users have encrypted representations of their passwords
    in the smbpasswd file this parameter should be set to
    <constant>no</constant>.</para>

    <para>In order for this parameter to work correctly the <link linkend="ENCRYPTPASSWORDS">
    <parameter moreinfo="none">encrypt passwords</parameter></link> parameter must 
    be set to <constant>no</constant> when this parameter is set to <constant>yes</constant>.</para>

    <para>Note that even when this parameter is set a user 
    authenticating to <command moreinfo="none">smbd</command> must still enter a valid 
    password in order to connect correctly, and to update their hashed 
	(smbpasswd) passwords.</para>
</description>

<value type="default">no</value>
</samba:parameter>