docs: Deprecate "encrypt passwords = no"

This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our rules
for parameter deprecation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml
index 4bd97809d86539bf023d327c31a58c76071acbbd..4fdfa89850148f9700cf3a7fcf3291189d32ce6d 100644 (file)
--- a/docs-xml/smbdotconf/security/encryptpasswords.xml
+++ b/docs-xml/smbdotconf/security/encryptpasswords.xml
@@ -1,8 +1,16 @@
 <samba:parameter name="encrypt passwords"
                  context="G"
                  type="boolean"
+                 deprecated="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
+    <para>This parameter has been deprecated since Samba 4.11 and
+    support for plaintext (as distinct from NTLM, NTLMv2
+    or Kerberos authentication)
+    will be removed in a future Samba release.</para>
+    <para>That is, in the future, the current default of
+    <command>encrypt passwords = yes</command>
+    will be the enforced behaviour.</para>
     <para>This boolean controls whether encrypted passwords 
     will be negotiated with the client. Note that Windows NT 4.0 SP3 and 
     above and also Windows 98 will by default expect encrypted passwords