servers known only by IP address. Kerberos relies on names, so
ordinarily cannot function in this situation. </para>
+ <para>This is a VERY BAD IDEA for security reasons, and so this
+ parameter SHOULD NOT BE USED. It will be removed in a future
+ version of Samba.</para>
+
<para>If disabled, Samba will use the name used to look up the
server when asking the KDC for a ticket. This avoids situations
where a server may impersonate another, soliciting authentication
<para>Note that Windows XP SP2 and later versions already follow
this behaviour, and Windows Vista and later servers no longer
supply this 'rfc4178 hint' principal on the server side.</para>
+
+ <para>This parameter is deprecated in Samba 4.2.1 and will be removed
+ (along with the functionality) in a later release of Samba.</para>
</description>
<value type="default">no</value>
</samba:parameter>
.offset = GLOBAL_VAR(client_use_spnego_principal),
.special = NULL,
.enum_list = NULL,
- .flags = FLAG_ADVANCED,
+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
},
{
.label = "username",