1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

lib/param: add "reject md5 client" option, defaulting to false

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2013-12-06 11:39:15 +01:00
parent 87bdc88328
commit 807bcb4981
3 changed files with 28 additions and 0 deletions

View File

@ -0,0 +1,18 @@
<samba:parameter name="reject md5 clients"
context="G"
type="boolean"
advanced="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option controls whether the netlogon server (currently
only in 'active directory domain controller' mode), will
reject clients which does not support NETLOGON_NEG_SUPPORTS_AES.</para>
<para>You can set this to yes if all domain members support aes.
This will prevent downgrade attacks.</para>
<para>This option takes precedence to the 'allow nt4 crypto' option.</para>
</description>
<value type="default">no</value>
</samba:parameter>

View File

@ -205,6 +205,7 @@ FN_GLOBAL_BOOL(pam_password_change, bPamPasswordChange)
FN_GLOBAL_BOOL(passdb_expand_explicit, bPassdbExpandExplicit)
FN_GLOBAL_BOOL(passwd_chat_debug, bPasswdChatDebug)
FN_GLOBAL_BOOL(registry_shares, bRegistryShares)
FN_GLOBAL_BOOL(reject_md5_clients, bRejectMD5Clients)
FN_GLOBAL_BOOL(reject_md5_servers, bRejectMD5Servers)
FN_GLOBAL_BOOL(require_strong_key, bRequireStrongKey)
FN_GLOBAL_BOOL(reset_on_zero_vc, bResetOnZeroVC)

View File

@ -4325,6 +4325,15 @@ static struct parm_struct parm_table[] = {
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
{
.label = "reject md5 clients",
.type = P_BOOL,
.p_class = P_GLOBAL,
.offset = GLOBAL_VAR(bRejectMD5Clients),
.special = NULL,
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
{N_("TLS options"), P_SEP, P_SEPARATOR},