1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/docs-xml/smbdotconf/winbind/requirestrongkey.xml
Ralph Boehme 830e865ba5 CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:29 +00:00

27 lines
1.1 KiB
XML

<samba:parameter name="require strong key"
context="G"
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option controls whether winbindd requires support
for md5 strong key support for the netlogon secure channel.</para>
<para>The following flags will be required NETLOGON_NEG_STRONG_KEYS,
NETLOGON_NEG_ARCFOUR and NETLOGON_NEG_AUTHENTICATED_RPC.</para>
<para>You can set this to no if some domain controllers only support des.
This might allows weak crypto to be negotiated, may via downgrade attacks.</para>
<para>The behavior can be controlled per netbios domain
by using 'require strong key:NETBIOSDOMAIN = no' as option.</para>
<para>Note for active directory domain this option is hardcoded to 'yes'</para>
<para>This option is over-ridden by the <smbconfoption name="reject md5 servers"/> option.</para>
<para>This option overrides the <smbconfoption name="client schannel"/> option.</para>
</description>
<value type="default">yes</value>
</samba:parameter>