diff options
Diffstat (limited to 'docs-xml/smbdotconf/security/encryptpasswords.xml')
-rw-r--r-- | docs-xml/smbdotconf/security/encryptpasswords.xml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml new file mode 100644 index 0000000..4fdfa89 --- /dev/null +++ b/docs-xml/smbdotconf/security/encryptpasswords.xml @@ -0,0 +1,47 @@ +<samba:parameter name="encrypt passwords" + context="G" + type="boolean" + deprecated="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter has been deprecated since Samba 4.11 and + support for plaintext (as distinct from NTLM, NTLMv2 + or Kerberos authentication) + will be removed in a future Samba release.</para> + <para>That is, in the future, the current default of + <command>encrypt passwords = yes</command> + will be the enforced behaviour.</para> + <para>This boolean controls whether encrypted passwords + will be negotiated with the client. Note that Windows NT 4.0 SP3 and + above and also Windows 98 will by default expect encrypted passwords + unless a registry entry is changed. To use encrypted passwords in + Samba see the chapter "User Database" in the Samba HOWTO Collection. + </para> + + <para> + MS Windows clients that expect Microsoft encrypted passwords and that + do not have plain text password support enabled will be able to + connect only to a Samba server that has encrypted password support + enabled and for which the user accounts have a valid encrypted password. + Refer to the smbpasswd command man page for information regarding the + creation of encrypted passwords for user accounts. + </para> + + <para> + The use of plain text passwords is NOT advised as support for this feature + is no longer maintained in Microsoft Windows products. If you want to use + plain text passwords you must set this parameter to no. + </para> + + <para>In order for encrypted passwords to work correctly + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must either + have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> program for information on how to set up + and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which + causes <command moreinfo="none">smbd</command> to authenticate against another + server.</para> +</description> +<value type="default">yes</value> +</samba:parameter> |