blob: 6740b8c1a9f31ba401ba1916dad401e2df8f4283 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
<samba:parameter name="client use spnego"
context="G"
type="boolean"
deprecated="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter has been deprecated since Samba 4.13 and
support for NTLMv2, NTLM and LanMan authentication outside NTLMSSP
will be removed in a future Samba release.</para>
<para>That is, in the future, the current default of
<command>client use spnego = yes</command>
will be the enforced behaviour.</para>
<para> This variable controls whether Samba clients will try
to use Simple and Protected NEGOtiation (as specified by rfc2478) with
supporting servers (including WindowsXP, Windows2000 and Samba
3.0) to agree upon an authentication
mechanism. This enables Kerberos authentication in particular.</para>
<para>When <smbconfoption name="client NTLMv2 auth"/> is also set to
<constant>yes</constant> extended security (SPNEGO) is required
in order to use NTLMv2 only within NTLMSSP. This behavior was
introduced with the patches for CVE-2016-2111.</para>
</description>
<value type="default">yes</value>
</samba:parameter>
|
