blob: 8bccab391cc274fd1d8d0d70f64cca4cef46e956 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
<samba:parameter name="allow dcerpc auth level connect"
context="G"
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This option controls whether DCERPC services are allowed to
be used with DCERPC_AUTH_LEVEL_CONNECT, which provides authentication,
but no per message integrity nor privacy protection.</para>
<para>Some interfaces like samr, lsarpc and netlogon have a hard-coded default of
<constant>no</constant> and epmapper, mgmt and rpcecho have a hard-coded default of
<constant>yes</constant>.
</para>
<para>The behavior can be overwritten per interface name (e.g. lsarpc, netlogon, samr, srvsvc,
winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = yes' as option.</para>
<para>This option is over-ridden by the implementation specific restrictions.
E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
</para>
</description>
<value type="default">no</value>
<value type="example">yes</value>
</samba:parameter>
|
