1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/docs-xml/smbdotconf/security/debugencryption.xml
Aurelien Aptel 0732499f23 docs-xml: add "debug encryption" global parm
Add debug option to dump in the log the session id & keys in smbd and
libsmb-based code for offline decryption.

Wireshark can make use of this to decrypt encrypted traffic.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2019-02-09 18:30:14 +01:00

23 lines
853 B
XML

<samba:parameter name="debug encryption"
context="G"
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
This option will make the smbd server and client code using
libsmb (smbclient, smbget, smbspool, ...) dump the Session Id,
the decrypted Session Key, the Signing Key, the Application Key,
the Encryption Key and the Decryption Key every time an SMB3+
session is established. This information will be printed in logs
at level 0.
</para>
<para>
Warning: access to these values enables the decryption of any
encrypted traffic on the dumped sessions. This option should
only be enabled for debugging purposes.
</para>
</description>
<value type="default">no</value>
</samba:parameter>