diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-11-24 18:22:23 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 13:07:29 +0000 |
commit | 1c6c1129905d0c7a60018e7bf0f17a0fd198a584 (patch) | |
tree | 2bf2b1dff2f4de50c984b1080639998b93728c7e /source3/param | |
parent | d60828f6391307a59abaa02b72b6a8acf66b2fef (diff) | |
download | samba-1c6c1129905d0c7a60018e7bf0f17a0fd198a584.tar.gz |
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.
Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:
git show -U35 libcli/auth/netlogon_creds_cli.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'source3/param')
-rw-r--r-- | source3/param/loadparm.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 3429ecbe5e4..621b5b9f48c 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -664,6 +664,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) Globals.client_schannel = true; Globals.winbind_sealed_pipes = true; Globals.require_strong_key = true; + Globals.reject_md5_servers = true; Globals.server_schannel = true; Globals.read_raw = true; Globals.write_raw = true; |