mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
lib/param: add "reject md5 client" option, defaulting to false
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
87bdc88328
commit
807bcb4981
18
docs-xml/smbdotconf/logon/rejectmd5clients.xml
Normal file
18
docs-xml/smbdotconf/logon/rejectmd5clients.xml
Normal file
@ -0,0 +1,18 @@
|
||||
<samba:parameter name="reject md5 clients"
|
||||
context="G"
|
||||
type="boolean"
|
||||
advanced="1"
|
||||
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||
<description>
|
||||
<para>This option controls whether the netlogon server (currently
|
||||
only in 'active directory domain controller' mode), will
|
||||
reject clients which does not support NETLOGON_NEG_SUPPORTS_AES.</para>
|
||||
|
||||
<para>You can set this to yes if all domain members support aes.
|
||||
This will prevent downgrade attacks.</para>
|
||||
|
||||
<para>This option takes precedence to the 'allow nt4 crypto' option.</para>
|
||||
</description>
|
||||
|
||||
<value type="default">no</value>
|
||||
</samba:parameter>
|
@ -205,6 +205,7 @@ FN_GLOBAL_BOOL(pam_password_change, bPamPasswordChange)
|
||||
FN_GLOBAL_BOOL(passdb_expand_explicit, bPassdbExpandExplicit)
|
||||
FN_GLOBAL_BOOL(passwd_chat_debug, bPasswdChatDebug)
|
||||
FN_GLOBAL_BOOL(registry_shares, bRegistryShares)
|
||||
FN_GLOBAL_BOOL(reject_md5_clients, bRejectMD5Clients)
|
||||
FN_GLOBAL_BOOL(reject_md5_servers, bRejectMD5Servers)
|
||||
FN_GLOBAL_BOOL(require_strong_key, bRequireStrongKey)
|
||||
FN_GLOBAL_BOOL(reset_on_zero_vc, bResetOnZeroVC)
|
||||
|
@ -4325,6 +4325,15 @@ static struct parm_struct parm_table[] = {
|
||||
.enum_list = NULL,
|
||||
.flags = FLAG_ADVANCED,
|
||||
},
|
||||
{
|
||||
.label = "reject md5 clients",
|
||||
.type = P_BOOL,
|
||||
.p_class = P_GLOBAL,
|
||||
.offset = GLOBAL_VAR(bRejectMD5Clients),
|
||||
.special = NULL,
|
||||
.enum_list = NULL,
|
||||
.flags = FLAG_ADVANCED,
|
||||
},
|
||||
|
||||
{N_("TLS options"), P_SEP, P_SEPARATOR},
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user