mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
3c96f7d80e
Best reviewed with: `git show --word-diff`. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
28 lines
1.2 KiB
XML
28 lines
1.2 KiB
XML
<samba:parameter name="client use spnego"
|
|
context="G"
|
|
type="boolean"
|
|
deprecated="1"
|
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|
<description>
|
|
<para>This parameter has been deprecated since Samba 4.13 and
|
|
support for NTLMv2, NTLM and LanMan authentication outside NTLMSSP
|
|
will be removed in a future Samba release.</para>
|
|
<para>That is, in the future, the current default of
|
|
<command>client use spnego = yes</command>
|
|
will be the enforced behaviour.</para>
|
|
|
|
<para> This variable controls whether Samba clients will try
|
|
to use Simple and Protected NEGOtiation (as specified by rfc2478) with
|
|
supporting servers (including WindowsXP, Windows2000 and Samba
|
|
3.0) to agree upon an authentication
|
|
mechanism. This enables Kerberos authentication in particular.</para>
|
|
|
|
<para>When <smbconfoption name="client NTLMv2 auth"/> is also set to
|
|
<constant>yes</constant> extended security (SPNEGO) is required
|
|
in order to use NTLMv2 only within NTLMSSP. This behavior was
|
|
introduced with the patches for CVE-2016-2111.</para>
|
|
</description>
|
|
|
|
<value type="default">yes</value>
|
|
</samba:parameter>
|