Proposed patch; includes changes to client lanman auth and client plaintext auth as well, which protects users from being tricked into sending plaintext passwords to a rogue server, but at the cost of breaking compatibility with other Samba servers that have encrypted passwords = no set.
Investigation shows that these three changes have already been made upstream for 3.2, which further reinforces my belief that we shouldn't worry about debconf handling of this. ** Attachment added: "disable-weak-auth.patch" http://launchpadlibrarian.net/10537651/disable-weak-auth.patch -- Disable creation of weak lanman hashes by default in samba https://bugs.launchpad.net/bugs/163194 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
