summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/encryptpasswords.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/smbdotconf/security/encryptpasswords.xml')
-rw-r--r--docs-xml/smbdotconf/security/encryptpasswords.xml47
1 files changed, 47 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml
new file mode 100644
index 0000000..4fdfa89
--- /dev/null
+++ b/docs-xml/smbdotconf/security/encryptpasswords.xml
@@ -0,0 +1,47 @@
+<samba:parameter name="encrypt passwords"
+ context="G"
+ type="boolean"
+ deprecated="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter has been deprecated since Samba 4.11 and
+ support for plaintext (as distinct from NTLM, NTLMv2
+ or Kerberos authentication)
+ will be removed in a future Samba release.</para>
+ <para>That is, in the future, the current default of
+ <command>encrypt passwords = yes</command>
+ will be the enforced behaviour.</para>
+ <para>This boolean controls whether encrypted passwords
+ will be negotiated with the client. Note that Windows NT 4.0 SP3 and
+ above and also Windows 98 will by default expect encrypted passwords
+ unless a registry entry is changed. To use encrypted passwords in
+ Samba see the chapter "User Database" in the Samba HOWTO Collection.
+ </para>
+
+ <para>
+ MS Windows clients that expect Microsoft encrypted passwords and that
+ do not have plain text password support enabled will be able to
+ connect only to a Samba server that has encrypted password support
+ enabled and for which the user accounts have a valid encrypted password.
+ Refer to the smbpasswd command man page for information regarding the
+ creation of encrypted passwords for user accounts.
+ </para>
+
+ <para>
+ The use of plain text passwords is NOT advised as support for this feature
+ is no longer maintained in Microsoft Windows products. If you want to use
+ plain text passwords you must set this parameter to no.
+ </para>
+
+ <para>In order for encrypted passwords to work correctly
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> must either
+ have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> program for information on how to set up
+ and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which
+ causes <command moreinfo="none">smbd</command> to authenticate against another
+ server.</para>
+</description>
+<value type="default">yes</value>
+</samba:parameter>