1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/docs-xml/smbdotconf/security
Samuel Cabrero 3e7bbe047f CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 02fba22b8c)
2023-01-23 10:01:59 +00:00
..
accessbasedshareenum.xml
aclflaginheritedcanonicalization.xml loadparam: add option "acl flag inherited canonicalization" 2021-05-27 19:51:57 +00:00
aclgroupcontrol.xml manpage: corrected small typo error 2015-11-02 14:43:15 +01:00
adminusers.xml docs:smbdotconf: change type to cmdlist where needed. 2015-07-31 01:55:32 +02:00
algorithmicridbase.xml
allowdcerpcauthlevelconnect.xml CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden" 2022-12-14 10:28:16 +00:00
allowtrusteddomains.xml
binddnsdir.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
checkpasswordscript.xml smbdotconf: mark "check password script" with substitution="1" 2019-11-27 10:25:34 +00:00
clientipcsigning.xml docs-xml: Use 'desired' and 'required' for option 'client ipc signing' 2021-04-28 03:43:34 +00:00
clientlanmanauth.xml docs: deprecate "client lanman auth" 2020-08-18 00:10:40 +00:00
clientntlmv2auth.xml docs: deprecate "client NTLMv2 auth" 2020-08-18 00:10:40 +00:00
clientplaintextauth.xml docs: deprecate "client plaintext auth" 2020-08-18 00:10:40 +00:00
clientprotection.xml lib:param: Add 'client protection' config option 2021-04-28 03:43:34 +00:00
clientschannel.xml CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden" 2022-12-14 10:28:16 +00:00
clientsigning.xml docs-xml: Use 'desired' and 'required' for option 'client signing' 2021-04-28 03:43:34 +00:00
clientsmbencrypt.xml docs-xml: Add 'client smb encrypt' 2020-08-19 16:22:40 +00:00
clientsmbencryptionalgos.xml docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values 2021-09-08 16:37:07 +00:00
clientsmbsigningalgos.xml docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values 2021-09-08 16:37:07 +00:00
clientusekerberos.xml lib:param: Add 'client use kerberos' config parameter 2021-04-28 03:43:34 +00:00
clientusepsnegoprincipal.xml
createmask.xml docs:smbdotconf: change type to octal where needed 2015-07-31 01:55:32 +02:00
debugencryption.xml docs-xml: add "debug encryption" global parm 2019-02-09 18:30:14 +01:00
dedicatedkeytabfile.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
directorymask.xml docs:smbdotconf: change type to octal where needed 2015-07-31 01:55:32 +02:00
directorysecuritymask.xml
encryptpasswords.xml docs: Deprecate "encrypt passwords = no" 2019-09-05 02:45:28 +00:00
forcecreatemode.xml docs:smbdotconf: change type to octal where needed 2015-07-31 01:55:32 +02:00
forcedirectorymode.xml docs:smbdotconf: change type to octal where needed 2015-07-31 01:55:32 +02:00
forcedirectorysecuritymode.xml
forcegroup.xml smbdotconf: mark "force group" with substitution="1" 2019-11-27 10:25:33 +00:00
forcesecuritymode.xml
forceunknownacluser.xml
forceuser.xml smbdotconf: mark "force user" with substitution="1" 2019-11-27 10:25:33 +00:00
guestaccount.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
guestok.xml
guestonly.xml
hostsallow.xml Revert "docs-xml: Update documentation for removal of NIS support" 2022-06-12 09:19:16 +00:00
hostsdeny.xml docs:smbdotconf: change type to cmdlist where needed. 2015-07-31 01:55:32 +02:00
inheritacls.xml
inheritowner.xml smbd: add an option to inherit only the UNIX owner 2016-08-10 08:18:17 +02:00
inheritpermissions.xml
invalidusers.xml Revert "docs-xml: Update documentation for removal of NIS support" 2022-06-12 09:19:16 +00:00
kdcdefaultdomainsupportedenctypes.xml CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default 2022-12-14 10:28:17 +00:00
kdcenablefast.xml docs-xml: add 'kdc enable fast' option 2022-03-14 14:27:13 +00:00
kdcforceenablerc4weaksessionkeys.xml CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys" 2022-12-14 10:28:16 +00:00
kdcsupportedenctypes.xml CVE-2022-37966 param: Add support for new option "kdc supported enctypes" 2022-12-14 10:28:17 +00:00
kerberosencryptiontypes.xml CVE-2022-37966 docs-xml/smbdotconf: "kerberos encryption types = legacy" should not be used 2022-12-14 10:28:16 +00:00
kerberosmethod.xml
kpasswdport.xml
krb5port.xml
lanmanauth.xml docs: Deprecate "lanman auth = yes" 2019-09-05 04:04:17 +00:00
lognttokencommand.xml smbdotconf: mark "log nt token command" with substitution="1" 2019-11-27 10:25:35 +00:00
maptoguest.xml
mindomainuid.xml CVE-2020-25717: loadparm: Add new parameter "min domain uid" 2021-11-09 19:45:32 +00:00
mitkdccommand.xml docs-xml: remove SWAT specific flags 2019-11-27 10:25:37 +00:00
ntlmauth.xml Spelling fixes s/permited/permitted/ 2019-09-01 22:21:28 +00:00
ntpsigndsocketdirectory.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
nullpasswords.xml
obeypamrestrictions.xml
oldpasswordallowedperiod.xml docs:smbdotconf: fix a typo in oldpasswordallowedperiod.xml 2020-12-17 13:59:37 +00:00
pampasswordchange.xml
passdbbackend.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
passdbexpandexplicit.xml
passwdchat.xml docs-xml: Update documentation for removal of NIS support 2021-04-22 17:57:30 +00:00
passwdchatdebug.xml
passwdchattimeout.xml
passwdprogram.xml smbdotconf: mark "passwd program" with substitution="1" 2019-11-27 10:25:35 +00:00
passwordhashgpgkeyids.xml docs-xml/smbdotconf: add "password hash gpg key ids" option 2016-07-22 16:03:27 +02:00
passwordhashuserpasswordschemes.xml docs: configuration options for extra password hashes 2017-05-25 02:25:12 +02:00
passwordserver.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
preloadmodules.xml docs:smbdotconf: change type to cmdlist where needed. 2015-07-31 01:55:32 +02:00
privatedir.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
rawntlmv2auth.xml docs: deprecate "raw NTLMv2 auth" 2020-08-18 00:10:40 +00:00
readlist.xml docs:smbdotconf: change type to cmdlist where needed. 2015-07-31 01:55:32 +02:00
readonly.xml
renameuserscript.xml smbdotconf: mark "rename user script" with substitution="1" 2019-11-27 10:25:36 +00:00
restrictanonymous.xml docs-xml: Update documentation for 'restrict anonymous' option 2019-02-07 17:23:18 +01:00
rootdirectory.xml smbdotconf: mark "root directory" with substitution="1" 2019-11-27 10:25:36 +00:00
sambakcccommand.xml docs:smbdotconf: change type to cmdlist where needed. 2015-07-31 01:55:32 +02:00
security.xml remove duplicate lines from 'man smb.conf' 2016-09-21 17:18:46 +02:00
securitymask.xml
serverrole.xml CVE-2020-25717: Add FreeIPA domain controller role 2021-11-09 19:45:33 +00:00
serverschannel.xml CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options 2022-12-14 10:28:16 +00:00
serverschannelrequireseal.xml CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server. 2023-01-23 10:01:59 +00:00
serversigning.xml CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality 2016-04-12 19:25:26 +02:00
serversmbencrypt.xml param: Create and use enum_smb_encryption_vals 2020-08-19 16:22:40 +00:00
serversmbencryptionalgos.xml docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values 2021-09-08 16:37:07 +00:00
serversmbsigningalgos.xml docs-xml: use upper case for "{client,server} smb3 {signing,encryption} algorithms" values 2021-09-08 16:37:07 +00:00
smbencrypt.xml param: Create and use enum_smb_encryption_vals 2020-08-19 16:22:40 +00:00
smbpasswdfile.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
tlscafile.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
tlscertfile.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
tlscrlfile.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
tlsdhparamsfile.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
tlsenabled.xml
tlskeyfile.xml docs-xml: remove explicit "constant" 2019-11-27 10:25:37 +00:00
tlspriority.xml tls: Use NORMAL:-VERS-SSL3.0 as the default configuration 2020-07-01 14:56:33 +00:00
tlsverifypeer.xml CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible" 2016-04-12 19:25:25 +02:00
unixpasswordsync.xml docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids" 2016-07-22 16:03:27 +02:00
usernamelevel.xml
usernamemap.xml Revert "docs-xml: Update documentation for removal of NIS support" 2022-06-12 09:19:16 +00:00
usernamemapcachetime.xml
usernamemapscript.xml smb.conf.5: Fix a typo for "username map script" 2021-11-11 19:08:37 +00:00
validusers.xml Revert "docs-xml: Update documentation for removal of NIS support" 2022-06-12 09:19:16 +00:00
writeable.xml
writelist.xml docs:smbdotconf: change type to cmdlist where needed. 2015-07-31 01:55:32 +02:00