r25049: Set new, more secure defaults for Samba 3.2.

Andrew Bartlett

diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 2c6a5df3e590719dc5d92a837d09b1b393fa9a23..b49d7b54a96c555a6253f77c89d1cde74005bbf0 100644 (file)
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -1574,10 +1574,10 @@ static void init_globals(BOOL first_time_only)
        Globals.bStatCache = True;      /* use stat cache by default */
        Globals.iMaxStatCacheSize = 1024; /* one Meg by default. */
        Globals.restrict_anonymous = 0;
-       Globals.bClientLanManAuth = True;       /* Do use the LanMan hash if it is available */
-       Globals.bClientPlaintextAuth = True;    /* Do use a plaintext password if is requested by the server */
-       Globals.bLanmanAuth = True;     /* Do use the LanMan hash if it is available */
-       Globals.bNTLMAuth = True;       /* Do use NTLMv1 if it is available (otherwise NTLMv2) */
+       Globals.bClientLanManAuth = False;      /* Do NOT use the LanMan hash if it is available */
+       Globals.bClientPlaintextAuth = False;   /* Do NOT use a plaintext password even if is requested by the server */
+       Globals.bLanmanAuth = False;    /* Do NOT use the LanMan hash, even if it is supplied */
+       Globals.bNTLMAuth = True;       /* Do use NTLMv1 if it is supplied by the client (otherwise NTLMv2) */
        Globals.bClientNTLMv2Auth = False; /* Client should not use NTLMv2, as we can't tell that the server supports it. */
        /* Note, that we will use NTLM2 session security (which is different), if it is available */