1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/docs-xml/smbdotconf/security/encryptpasswords.xml
Andrew Bartlett 8d0d99a4d7 docs: Deprecate "encrypt passwords = no"
This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our rules
for parameter deprecation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-09-05 02:45:28 +00:00

48 lines
2.3 KiB
XML

<samba:parameter name="encrypt passwords"
context="G"
type="boolean"
deprecated="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter has been deprecated since Samba 4.11 and
support for plaintext (as distinct from NTLM, NTLMv2
or Kerberos authentication)
will be removed in a future Samba release.</para>
<para>That is, in the future, the current default of
<command>encrypt passwords = yes</command>
will be the enforced behaviour.</para>
<para>This boolean controls whether encrypted passwords
will be negotiated with the client. Note that Windows NT 4.0 SP3 and
above and also Windows 98 will by default expect encrypted passwords
unless a registry entry is changed. To use encrypted passwords in
Samba see the chapter "User Database" in the Samba HOWTO Collection.
</para>
<para>
MS Windows clients that expect Microsoft encrypted passwords and that
do not have plain text password support enabled will be able to
connect only to a Samba server that has encrypted password support
enabled and for which the user accounts have a valid encrypted password.
Refer to the smbpasswd command man page for information regarding the
creation of encrypted passwords for user accounts.
</para>
<para>
The use of plain text passwords is NOT advised as support for this feature
is no longer maintained in Microsoft Windows products. If you want to use
plain text passwords you must set this parameter to no.
</para>
<para>In order for encrypted passwords to work correctly
<citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> must either
have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> program for information on how to set up
and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which
causes <command moreinfo="none">smbd</command> to authenticate against another
server.</para>
</description>
<value type="default">yes</value>
</samba:parameter>