This parameter determines whether or not
smbclient
8 and other samba components
acting as a client will attempt to use the server-supplied
principal sometimes given in the SPNEGO exchange.
If enabled, Samba can attempt to use Kerberos to contact
servers known only by IP address. Kerberos relies on names, so
ordinarily cannot function in this situation.
This is a VERY BAD IDEA for security reasons, and so this
parameter SHOULD NOT BE USED. It will be removed in a future
version of Samba.
If disabled, Samba will use the name used to look up the
server when asking the KDC for a ticket. This avoids situations
where a server may impersonate another, soliciting authentication
as one principal while being known on the network as another.
Note that Windows XP SP2 and later versions already follow
this behaviour, and Windows Vista and later servers no longer
supply this 'rfc4178 hint' principal on the server side.
This parameter is deprecated in Samba 4.2.1 and will be removed
(along with the functionality) in a later release of Samba.
no