mirror of
https://github.com/samba-team/samba.git
synced 2025-01-05 09:18:06 +03:00
1b85db57e5
This parameter is appicable only to SMBv1 and we are deprecating SMBv1 specific authentication options for possible removal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14460 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
28 lines
1.2 KiB
XML
28 lines
1.2 KiB
XML
<samba:parameter name="client use spnego"
|
|
context="G"
|
|
type="boolean"
|
|
deprecated="1"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This parameter has been deprecated since Samba 4.13 and
|
|
support for NTLMv2, NTLM and LanMan authentication outside NTLMSSP
|
|
will be removed in a future Samba release.</para>
|
|
<para>That is, in the future, the current default of
|
|
<command>client use spnego = yes</command>
|
|
will be the enforced behaviour.</para>
|
|
|
|
<para> This variable controls whether Samba clients will try
|
|
to use Simple and Protected NEGOciation (as specified by rfc2478) with
|
|
supporting servers (including WindowsXP, Windows2000 and Samba
|
|
3.0) to agree upon an authentication
|
|
mechanism. This enables Kerberos authentication in particular.</para>
|
|
|
|
<para>When <smbconfoption name="client NTLMv2 auth"/> is also set to
|
|
<constant>yes</constant> extended security (SPNEGO) is required
|
|
in order to use NTLMv2 only within NTLMSSP. This behavior was
|
|
introduced with the patches for CVE-2016-2111.</para>
|
|
</description>
|
|
|
|
<value type="default">yes</value>
|
|
</samba:parameter>
|