diff options
author | Stefan Metzmacher <metze@samba.org> | 2022-11-24 18:26:18 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2022-12-13 13:07:29 +0000 |
commit | c8e53394b98b128ed460a6111faf05dfbad980d1 (patch) | |
tree | fe661c07e7adf340e12ba72de623cb678e3f033c /source3/param | |
parent | 4c7f84798acd1e3218209d66d1a92e9f42954d51 (diff) | |
download | samba-c8e53394b98b128ed460a6111faf05dfbad980d1.tar.gz |
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'source3/param')
-rw-r--r-- | source3/param/loadparm.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 621b5b9f48c..336852b927c 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -666,6 +666,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) Globals.require_strong_key = true; Globals.reject_md5_servers = true; Globals.server_schannel = true; + Globals.reject_md5_clients = true; Globals.read_raw = true; Globals.write_raw = true; Globals.null_passwords = false; |