Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - C index
The Linux kernel configuration item CONFIG_CIFS_WEAK_PW_HASH
has multiple definitions:
fs/cifs/Kconfig
The configuration item CONFIG_CIFS_WEAK_PW_HASH:
CONFIG_CIFS && CONFIG_CIFS_ALLOW_INSECURE_LEGACY
Modern CIFS servers including Samba and most Windows versions (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) security mechanisms. These hash the password more securely than the mechanisms used in the older LANMAN version of the SMB protocol but LANMAN based authentication is needed to establish sessions with some old SMB servers.
Enabling this option allows the cifs module to mount to older LANMAN based servers such as OS/2 and Windows 95, but such mounts may be less secure than mounts using NTLM or more recent security mechanisms if you are on a public network. Unless you have a need to access old SMB servers (and are on a private network) you probably want to say N. Even if this support is enabled in the kernel build, LANMAN authentication will not be used automatically. At runtime LANMAN mounts are disabled but can be set to required (or optional) either in /proc/fs/cifs (see Documentation/admin-guide/cifs/usage.rst for more detail) or via an option on the mount command. This support is disabled by default in order to reduce the possibility of a downgrade attack.
If unsure, say N.
fs/Kconfig
The configuration item CONFIG_CIFS_WEAK_PW_HASH:
CONFIG_CIFS
Modern CIFS servers including Samba and most Windows versions (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) security mechanisms. These hash the password more securely than the mechanisms used in the older LANMAN version of the SMB protocol but LANMAN based authentication is needed to establish sessions with some old SMB servers.
Enabling this option allows the cifs module to mount to older LANMAN based servers such as OS/2 and Windows 95, but such mounts may be less secure than mounts using NTLM or more recent security mechanisms if you are on a public network. Unless you have a need to access old SMB servers (and are on a private network) you probably want to say N. Even if this support is enabled in the kernel build, LANMAN authentication will not be used automatically. At runtime LANMAN mounts are disabled but can be set to required (or optional) either in /proc/fs/cifs (see fs/cifs/README for more detail) or via an option on the mount command. This support is disabled by default in order to reduce the possibility of a downgrade attack.
If unsure, say N.
Raw data from LKDDb:
(none)
This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).
The data is retrived from:
Popular queries:
Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - C index
Automatically generated (in year 2024). See also LKDDb sources on GitLab