CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes

AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0, so there's no reason to allow md5 clients by default. However some third party domain members may need it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2022-11-24 18:26:18 +0100
committer: Stefan Metzmacher <metze@samba.org> 2022-12-13 13:07:29 +0000
commit: c8e53394b98b128ed460a6111faf05dfbad980d1 (patch)
tree: fe661c07e7adf340e12ba72de623cb678e3f033c /source3/param
parent: 4c7f84798acd1e3218209d66d1a92e9f42954d51 (diff)
download: samba-c8e53394b98b128ed460a6111faf05dfbad980d1.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 621b5b9f48c..336852b927c 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -666,6 +666,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.require_strong_key = true;
 	Globals.reject_md5_servers = true;
 	Globals.server_schannel = true;
+	Globals.reject_md5_clients = true;
 	Globals.read_raw = true;
 	Globals.write_raw = true;
 	Globals.null_passwords = false;
author	Stefan Metzmacher <metze@samba.org>	2022-11-24 18:26:18 +0100
committer	Stefan Metzmacher <metze@samba.org>	2022-12-13 13:07:29 +0000
commit	c8e53394b98b128ed460a6111faf05dfbad980d1 (patch)
tree	fe661c07e7adf340e12ba72de623cb678e3f033c /source3/param
parent	4c7f84798acd1e3218209d66d1a92e9f42954d51 (diff)
download	samba-c8e53394b98b128ed460a6111faf05dfbad980d1.tar.gz