docs-xml: deprecate "client schannel" and change the default to "yes"
authorStefan Metzmacher <metze@samba.org>
Thu, 7 Dec 2017 12:22:22 +0000 (13:22 +0100)
committerRalph Boehme <slow@samba.org>
Wed, 10 Jan 2018 00:01:24 +0000 (01:01 +0100)
This is already the default, because "require strong key = yes" is
the default.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
docs-xml/smbdotconf/security/clientschannel.xml
lib/param/loadparm.c
source3/param/loadparm.c

index 6ab35588800dbaa39e1c183ca775062979d8d667..5b07da95050c6cc29bbc53b45eb97d60e7277486 100644 (file)
@@ -2,9 +2,16 @@
                  context="G"
                  type="enum"
                  enumlist="enum_bool_auto"
+                 deprecated="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 
+    <para>
+       This option is deprecated with Samba 4.8 and will be removed in future.
+       At the same time the default changed to yes, which will be the
+       hardcoded behavior in future.
+    </para>
+
     <para>
     This controls whether the client offers or even demands the use of the netlogon schannel.
     <smbconfoption name="client schannel">no</smbconfoption> does not offer the schannel, 
@@ -18,6 +25,6 @@
 
     <para>This option yields precedence to the <smbconfoption name="require strong key"/> option.</para>
 </description>
-<value type="default">auto</value>
-<value type="example">yes</value>
+<value type="default">yes</value>
+<value type="example">auto</value>
 </samba:parameter>
index 3a4a41ae75ce3d2704122cb77f97d8f01af87766..f6ee112c1276151e7bff2c5b50473321bfcbb523 100644 (file)
@@ -2838,7 +2838,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
        lpcfg_do_global_parameter(lp_ctx, "guest account", GUEST_ACCOUNT);
 
-       lpcfg_do_global_parameter(lp_ctx, "client schannel", "auto");
+       lpcfg_do_global_parameter(lp_ctx, "client schannel", "True");
 
        lpcfg_do_global_parameter(lp_ctx, "smb encrypt", "default");
 
index f8f76a66ebc30a597c48c60349e6f764d4645308..9f79f132def3d087292f6294cd6779a86207cf24 100644 (file)
@@ -651,7 +651,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals._client_ipc_min_protocol = PROTOCOL_DEFAULT;
        Globals._security = SEC_AUTO;
        Globals.encrypt_passwords = true;
-       Globals.client_schannel = Auto;
+       Globals.client_schannel = true;
        Globals.winbind_sealed_pipes = true;
        Globals.require_strong_key = true;
        Globals.server_schannel = Auto;