Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - C index

CONFIG_CIFS_WEAK_PW_HASH: Support legacy servers which use weaker LANMAN security

General informations

The Linux kernel configuration item CONFIG_CIFS_WEAK_PW_HASH has multiple definitions:

Support legacy servers which use weaker LANMAN security found in fs/cifs/Kconfig

The configuration item CONFIG_CIFS_WEAK_PW_HASH:

Help text

Modern CIFS servers including Samba and most Windows versions (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) security mechanisms. These hash the password more securely than the mechanisms used in the older LANMAN version of the SMB protocol but LANMAN based authentication is needed to establish sessions with some old SMB servers.

Enabling this option allows the cifs module to mount to older LANMAN based servers such as OS/2 and Windows 95, but such mounts may be less secure than mounts using NTLM or more recent security mechanisms if you are on a public network. Unless you have a need to access old SMB servers (and are on a private network) you probably want to say N. Even if this support is enabled in the kernel build, LANMAN authentication will not be used automatically. At runtime LANMAN mounts are disabled but can be set to required (or optional) either in /proc/fs/cifs (see Documentation/admin-guide/cifs/usage.rst for more detail) or via an option on the mount command. This support is disabled by default in order to reduce the possibility of a downgrade attack.

If unsure, say N.

Support legacy servers which use weaker LANMAN security found in fs/Kconfig

The configuration item CONFIG_CIFS_WEAK_PW_HASH:

Help text

Modern CIFS servers including Samba and most Windows versions (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) security mechanisms. These hash the password more securely than the mechanisms used in the older LANMAN version of the SMB protocol but LANMAN based authentication is needed to establish sessions with some old SMB servers.

Enabling this option allows the cifs module to mount to older LANMAN based servers such as OS/2 and Windows 95, but such mounts may be less secure than mounts using NTLM or more recent security mechanisms if you are on a public network. Unless you have a need to access old SMB servers (and are on a private network) you probably want to say N. Even if this support is enabled in the kernel build, LANMAN authentication will not be used automatically. At runtime LANMAN mounts are disabled but can be set to required (or optional) either in /proc/fs/cifs (see fs/cifs/README for more detail) or via an option on the mount command. This support is disabled by default in order to reduce the possibility of a downgrade attack.

If unsure, say N.

Hardware

LKDDb

Raw data from LKDDb:

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

Automatic links from Google (and ads)

Custom Search

Popular queries:

Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - C index

Automatically generated (in year 2024). See also LKDDb sources on GitLab