On Mon, 2005-11-21 at 15:19 -0800, SAMBA wrote: > Hi. > I've been digging through published and online documents, but most > documentation is oriented to old-school PDC. I want to avoid NTLM and > PDCs of the past for security and performance reasons (NTLM single DES > vs. Kerberos triple DES for instance)
The issue of what authentication types are supported is not really related to which user information modal is adopted. That is, I suggest you chose the use winbind as per the standard documentation, then set your DC to only accept NTLMv2 and Kerberos (and triple-des kerberos etc). The biggest real threat with network security is the LM half of NTLM authentication, which should be disabled (possibly by group policy) on the clients. (Modern clients will negotiate NTLM2, which removes the problematic LM authentication, but this can be modified by an active attacker.) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
