mirror of
https://github.com/samba-team/samba.git
synced 2024-12-25 23:21:54 +03:00
f762be4343
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
28 lines
1.1 KiB
XML
28 lines
1.1 KiB
XML
<samba:parameter name="allow dcerpc auth level connect"
|
|
context="G"
|
|
type="boolean"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This option controls whether DCERPC services are allowed to
|
|
be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication,
|
|
but no per message integrity nor privacy protection.</para>
|
|
|
|
<para>Some interfaces like samr, lsarpc and netlogon have a hard-coded default of
|
|
<constant>no</constant> and epmapper, mgmt and rpcecho have a hard-coded default of
|
|
<constant>yes</constant>.
|
|
</para>
|
|
|
|
<para>The behavior can be overwritten per interface name (e.g. lsarpc, netlogon, samr, srvsvc,
|
|
winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = yes' as option.</para>
|
|
|
|
<para>This option yields precedence to the implementation specific restrictions.
|
|
E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
|
|
The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
|
|
</para>
|
|
</description>
|
|
|
|
<value type="default">no</value>
|
|
<value type="example">yes</value>
|
|
|
|
</samba:parameter>
|