--===============1484927389==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=-UiWQ5Ct8eowHekEvAC8h"


--=-UiWQ5Ct8eowHekEvAC8h
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Mon, 2006-03-06 at 21:22 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>=20
> Andrew Bartlett wrote:
> > On Thu, 2006-03-02 at 22:50 +0100, Mark Proehl wrote:
> >=20
> >> I created a patch that introduces a new parameter "disable lanman hash=

"
> >> (attached).=20

> >=20
> > I think this is the correct approach. I've been considering the same
> > for Samba4 (where we also need to consider what kerberos enc types are
> > reasonable).

>=20
> The only thing about the original patch that made me go
> ughh was the new parameter. Can we piggy back this off
> an existing setting somehow? Perhaps 'lanman auth =3D no'?


That would be reasonable, and has pro's and cons:
- The admin probably expects that 'lanman auth =3D no' prevents any work
(storage and authentication) with the LM hash
- But this prevents the admin from storing the hash for the future, in
case he has to back out of the security upgrade (finds win9X machines
back on the network).

Andrew Bartlett

--=20
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net

--=-UiWQ5Ct8eowHekEvAC8h
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQBEDQBSz4A8Wyi0NrsRAnGoAKCV5DFlCvXj8YZidMeGjq cG2sMAswCfQFDH
J17Qyg2UdEATP+uJ7vzjL88=
=NncZ
-----END PGP SIGNATURE-----

--=-UiWQ5Ct8eowHekEvAC8h--


--===============1484927389==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--===============1484927389==--