diff options
author | Andrew Bartlett <abartlet@samba.org> | 2014-09-05 17:38:38 +1200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-09-30 12:32:05 +0200 |
commit | afe02d12f444ad9a6abf31a61f578320520263a9 (patch) | |
tree | 8826e55ffd9d93a8cde8db09679e9d147bee497a /docs-xml/smbdotconf | |
parent | e2cd3257141bd4a88cda1fff5bde9df60b253a97 (diff) | |
download | samba-afe02d12f444ad9a6abf31a61f578320520263a9.tar.gz samba-afe02d12f444ad9a6abf31a61f578320520263a9.tar.xz samba-afe02d12f444ad9a6abf31a61f578320520263a9.zip |
winbindd: Change value of "ldap sasl wrapping" to sign
This is to disrupt MITM attacks between us and our DC
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'docs-xml/smbdotconf')
-rw-r--r-- | docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml index 076b05ca16..e0ce700079 100644 --- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml +++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml @@ -34,11 +34,9 @@ </para> <para> - The default value is <emphasis>plain</emphasis> which is not irritable - to KRB5 clock skew errors. That implies synchronizing the time - with the KDC in the case of using <emphasis>sign</emphasis> or - <emphasis>seal</emphasis>. + The default value is <emphasis>sign</emphasis>. That implies synchronizing the time + with the KDC in the case of using <emphasis>Kerberos</emphasis>. </para> </description> -<value type="default">plain</value> +<value type="default">sign</value> </samba:parameter> |