[Pkg-samba-maint] r1790 - branches/samba/experimental/debian/patches

vorlon at alioth.debian.org vorlon at alioth.debian.org
Tue Mar 25 06:47:51 UTC 2008 

Author: vorlon
Date: 2008-03-25 06:47:50 +0000 (Tue, 25 Mar 2008)
New Revision: 1790

Removed:
   branches/samba/experimental/debian/patches/disable-weak-auth.patch
Modified:
   branches/samba/experimental/debian/patches/series
Log:
drop disable-weak-auth.patch back out; merged from trunk, but this patch
is already upstream in 3.2



Deleted: branches/samba/experimental/debian/patches/disable-weak-auth.patch
===================================================================
--- branches/samba/experimental/debian/patches/disable-weak-auth.patch	2008-03-25 06:43:23 UTC (rev 1789)
+++ branches/samba/experimental/debian/patches/disable-weak-auth.patch	2008-03-25 06:47:50 UTC (rev 1790)
@@ -1,88 +0,0 @@
-Goal: disable weak authentication methods, both on the client and
-server, so that we aren't sending passwords in plaintext across the wire
-and also aren't storing weak password hashes on the server
-
-Fixes: LP #163194
-
-Upstream status: pulled from upstream 3.2 git tree, will be superseded
-with first release of 3.2
-
-Index: samba-3.0.28a/source/param/loadparm.c
-===================================================================
---- samba-3.0.28a.orig/source/param/loadparm.c
-+++ samba-3.0.28a/source/param/loadparm.c
-@@ -1572,9 +1572,9 @@
- 	Globals.bStatCache = True;	/* use stat cache by default */
- 	Globals.iMaxStatCacheSize = 1024; /* one Meg by default. */
- 	Globals.restrict_anonymous = 0;
--	Globals.bClientLanManAuth = True;	/* Do use the LanMan hash if it is available */
--	Globals.bClientPlaintextAuth = True;	/* Do use a plaintext password if is requested by the server */
--	Globals.bLanmanAuth = True;	/* Do use the LanMan hash if it is available */
-+	Globals.bClientLanManAuth = False;	/* Do NOT use the LanMan hash if it is available */
-+	Globals.bClientPlaintextAuth = False;	/* Do NOT use a plaintext password even if is requested by the server */
-+	Globals.bLanmanAuth = False;	/* Do NOT use the LanMan hash, even if it is supplied */
- 	Globals.bNTLMAuth = True;	/* Do use NTLMv1 if it is available (otherwise NTLMv2) */
- 	Globals.bClientNTLMv2Auth = False; /* Client should not use NTLMv2, as we can't tell that the server supports it. */
- 	/* Note, that we will use NTLM2 session security (which is different), if it is available */
-Index: samba-3.0.28a/docs/htmldocs/manpages/smb.conf.5.html
-===================================================================
---- samba-3.0.28a.orig/docs/htmldocs/manpages/smb.conf.5.html
-+++ samba-3.0.28a/docs/htmldocs/manpages/smb.conf.5.html
-@@ -780,7 +780,7 @@
-     without Windows 95/98 servers are advised to disable
-     this option.  </p><p>Disabling this option will also disable the <code class="literal">client plaintext auth</code> option</p><p>Likewise, if the <code class="literal">client ntlmv2
-     auth</code> parameter is enabled, then only NTLMv2 logins will be
--    attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">yes</code>
-+    attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code>
- </em></span>
- </p></dd><dt><span class="term"><a name="CLIENTNTLMV2AUTH"></a>client ntlmv2 auth (G)</span></dt><dd><p>This parameter determines whether or not <a href="smbclient.8.html"><span class="citerefentry"><span class="refentrytitle">smbclient</span>(8)</span></a> will attempt to
-     authenticate itself to servers using the NTLMv2 encrypted password
-@@ -795,7 +795,7 @@
- 	responses, and not the weaker LM or NTLM.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client ntlmv2 auth</code></em> = <code class="literal">no</code>
- </em></span>
- </p></dd><dt><span class="term"><a name="CLIENTPLAINTEXTAUTH"></a>client plaintext auth (G)</span></dt><dd><p>Specifies whether a client should send a plaintext 
--		password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">yes</code>
-+		password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code>
- </em></span>
- </p></dd><dt><span class="term"><a name="CLIENTSCHANNEL"></a>client schannel (G)</span></dt><dd><p>
-     This controls whether the client offers or even demands the use of the netlogon schannel.
-@@ -2007,7 +2007,7 @@
-     auth</code> to disable this for Samba's clients (such as smbclient)</p><p>If this option, and <code class="literal">ntlm
-     auth</code> are both disabled, then only NTLMv2 logins will be
-     permited.  Not all clients support NTLMv2, and most will require
--    special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">yes</code>
-+    special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code>
- </em></span>
- </p></dd><dt><span class="term"><a name="LARGEREADWRITE"></a>large readwrite (G)</span></dt><dd><p>This parameter determines whether or not
-     <a href="smbd.8.html"><span class="citerefentry"><span class="refentrytitle">smbd</span>(8)</span></a> supports the new 64k
-Index: samba-3.0.28a/docs/manpages/smb.conf.5
-===================================================================
---- samba-3.0.28a.orig/docs/manpages/smb.conf.5
-+++ samba-3.0.28a/docs/manpages/smb.conf.5
-@@ -1272,7 +1272,7 @@
- parameter is enabled, then only NTLMv2 logins will be attempted.
- .sp
- Default:
--\fB\fIclient lanman auth\fR = yes \fR
-+\fB\fIclient lanman auth\fR = no \fR
- .RE
- .PP
- client ntlmv2 auth (G)
-@@ -1303,7 +1303,7 @@
- Specifies whether a client should send a plaintext password if the server does not support encrypted passwords.
- .sp
- Default:
--\fB\fIclient plaintext auth\fR = yes \fR
-+\fB\fIclient plaintext auth\fR = no \fR
- .RE
- .PP
- client schannel (G)
-@@ -3082,7 +3082,7 @@
- are both disabled, then only NTLMv2 logins will be permited. Not all clients support NTLMv2, and most will require special configuration to use it.
- .sp
- Default:
--\fB\fIlanman auth\fR = yes \fR
-+\fB\fIlanman auth\fR = no \fR
- .RE
- .PP
- large readwrite (G)

Modified: branches/samba/experimental/debian/patches/series
===================================================================
--- branches/samba/experimental/debian/patches/series	2008-03-25 06:43:23 UTC (rev 1789)
+++ branches/samba/experimental/debian/patches/series	2008-03-25 06:47:50 UTC (rev 1790)
@@ -14,4 +14,3 @@
 autoconf.patch
 smbpasswd-syslog.patch
 usershare.patch
-disable-weak-auth.patch

More information about the Pkg-samba-maint mailing list