Thought I'd throw this thought into the wild for anyone to pick up and run with. This doesn't directly affect me.
In Clonezilla today (3.1.2-9) when setting up a connection to a SMB share for device-image mode, it prompts for a security mode (auto vs ntlm). What auto actually does under the hood is a bit unclear. At least in Microsoft land (and I'm not a good person to speak on Windows auth internals), you have three authentication methods - Negotiate, Kerberos, and NTLM. NTLM is then broken down into NTLM2 and NTLM1 (hopefully no one is using NTLM1 these days). Negotiate tries Kerberos first and fallsback to NTLM2 if Kerberos fails. Microsoft recently made announcements that they're going to try to phase out NTLM entirely from Windows. This could impact Clonezilla users who use Microsoft SMB shares. At some point in the future - by default - Kerberos may be the only method for authentication, and it's not clear if Clonezilla supports Kerberos for authentication today. Obviously this can turn into a rabbit hole quickly - new firewall requirements, time becomes significantly more important, etc etc. I'm not familiar at all with MIT KRB5 on GNU/Linux distros so as mentioned before, I am just throwing this out there for someone who's smarter than I to consider.
_______________________________________________ Clonezilla-live mailing list Clonezilla-live@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/clonezilla-live
