mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 830e865ba5
)
This commit is contained in:
parent
af08dd3e25
commit
421398ce5e
@ -18,7 +18,7 @@
|
||||
|
||||
<para>"allow nt4 crypto = yes" allows weak crypto to be negotiated, maybe via downgrade attacks.</para>
|
||||
|
||||
<para>This option yields precedence to the 'reject md5 clients' option.</para>
|
||||
<para>This option is over-ridden by the 'reject md5 clients' option.</para>
|
||||
</description>
|
||||
|
||||
<value type="default">no</value>
|
||||
|
@ -15,7 +15,7 @@
|
||||
<para>The behavior can be overwritten per interface name (e.g. lsarpc, netlogon, samr, srvsvc,
|
||||
winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = yes' as option.</para>
|
||||
|
||||
<para>This option yields precedence to the implementation specific restrictions.
|
||||
<para>This option is over-ridden by the implementation specific restrictions.
|
||||
E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
|
||||
The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
|
||||
</para>
|
||||
|
@ -23,7 +23,7 @@
|
||||
<para>Note that for active directory domains this is hardcoded to
|
||||
<smbconfoption name="client schannel">yes</smbconfoption>.</para>
|
||||
|
||||
<para>This option yields precedence to the <smbconfoption name="require strong key"/> option.</para>
|
||||
<para>This option is over-ridden by the <smbconfoption name="require strong key"/> option.</para>
|
||||
</description>
|
||||
<value type="default">yes</value>
|
||||
<value type="example">auto</value>
|
||||
|
@ -23,7 +23,7 @@
|
||||
<para>If you still have legacy domain members use the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.
|
||||
</para>
|
||||
|
||||
<para>This option yields precedence to the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.</para>
|
||||
<para>This option is over-ridden by the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.</para>
|
||||
|
||||
</description>
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
<para>Note for active directory domain this option is hardcoded to 'yes'</para>
|
||||
|
||||
<para>This option yields precedence to the <smbconfoption name="reject md5 servers"/> option.</para>
|
||||
<para>This option is over-ridden by the <smbconfoption name="reject md5 servers"/> option.</para>
|
||||
|
||||
<para>This option overrides the <smbconfoption name="client schannel"/> option.</para>
|
||||
</description>
|
||||
|
Loading…
Reference in New Issue
Block a user