This crypto is incredibly poor, and can technically be enabled on an otherwise more
secure connection that uses NTLM for the actual authentication leg. Therefore
disable it by default.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
ntlmssp_state->expected_state = NTLMSSP_NEGOTIATE;
- ntlmssp_state->allow_lm_key = lp_lanman_auth();
+ if (lpcfg_lanman_auth(gensec_security->settings->lp_ctx) &&
+ gensec_setting_bool(gensec_security->settings,
+ "ntlmssp_server", "allow_lm_key", false))
+ {
+ ntlmssp_state->allow_lm_key = true;
+ }
ntlmssp_state->neg_flags =
NTLMSSP_NEGOTIATE_128 |