sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
0d040ff448
samba-mirror/docs-xml/smbdotconf/security/smbencrypt.xml
Karolin Seeger 54dbb030e2 s3/docs: Fix several typos. 
This fixes bug #6127.
Thanks to Justin T Pryzby <justinpryzby [at] users.sourceforge.net>
for the review!

Karolin
2009-02-20 09:20:16 +01:00

45 lines
2.1 KiB
XML
Raw Blame History

<samba:parameter name="smb encrypt"
context="S"
type="enum"
basic="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This is a new feature introduced with Samba 3.2 and above. It is an
extension to the SMB/CIFS protocol negotiated as part of the UNIX extensions.
SMB encryption uses the GSSAPI (SSPI on Windows) ability to encrypt
and sign every request/response in a SMB protocol stream. When
enabled it provides a secure method of SMB/CIFS communication,
similar to an ssh protected session, but using SMB/CIFS authentication
to negotiate encryption and signing keys. Currently this is only
supported by Samba 3.2 smbclient, and hopefully soon Linux CIFSFS
and MacOS/X clients. Windows clients do not support this feature.
</para>
<para>This controls whether the remote client is allowed or required to use SMB encryption. Possible values
are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
and <emphasis>disabled</emphasis>. This may be set on a per-share
basis, but clients may chose to encrypt the entire session, not
just traffic to a specific share. If this is set to mandatory
then all traffic to a share <emphasis>must</emphasis> must
be encrypted once the connection has been made to the share.
The server would return "access denied" to all non-encrypted
requests on such a share. Selecting encrypted traffic reduces
throughput as smaller packet sizes must be used (no huge UNIX
style read/writes allowed) as well as the overhead of encrypting
and signing all the data.
</para>
<para>If SMB encryption is selected, Windows style SMB signing (see
the <smbconfoption name="server signing"/> option) is no longer necessary,
as the GSSAPI flags use select both signing and sealing of the data.
</para>
<para>When set to auto, SMB encryption is offered, but not enforced.
When set to mandatory, SMB encryption is required and if set
to disabled, SMB encryption can not be negotiated.</para>
</description>
<value type="default">auto</value>
</samba:parameter>
View Git Blame Copy Permalink