1 files changed, 26 insertions, 6 deletions
diff --git a/fs/cifs/README b/fs/cifs/README
index 0355003f4f0a..a68f8e3db2d2 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -485,14 +485,34 @@ PacketSigningEnabled	If set to one, cifs packet signing is enabled
                        it.  If set to two, cifs packet signing is
                        required even if the server considers packet
                        signing optional. (default 1)
+SecurityFlags           Flags which control security negotiation and
+                        also packet signing. Authentication (may/must)
+                        flags (e.g. for NTLM and/or NTLMv2) may be combined with
+                        the signing flags.  Specifying two different password
+                        hashing mechanisms (as "must use") on the other hand 
+                        does not make much sense. Default flags are 
+                                0x07007 
+                        (NTLM, NTLMv2 and packet signing allowed).  Maximum 
+                        allowable flags if you want to allow mounts to servers
+                        using weaker password hashes is 0x37037 (lanman,
+                        plaintext, ntlm, ntlmv2, signing allowed):
+ 
+                        may use packet signing                          0x00001
+                        must use packet signing                         0x01001
+                        may use NTLM (most common password hash)        0x00002
+                        must use NTLM                                   0x02002
+                        may use NTLMv2                                  0x00004
+                        must use NTLMv2                                 0x04004
+                        may use Kerberos security (not implemented yet) 0x00008
+                        must use Kerberos (not implemented yet)         0x08008
+                        may use lanman (weak) password hash             0x00010
+                        must use lanman password hash                   0x10010
+                        may use plaintext passwords                     0x00020
+                        must use plaintext passwords                    0x20020
+                        (reserved for future packet encryption)         0x00040
 cifsFYI                 If set to one, additional debug information is
                        logged to the system error log. (default 0)
-ExtendedSecurity        If set to one, SPNEGO session establishment
-                        is allowed which enables more advanced 
-                        secure CIFS session establishment (default 0)
-NTLMV2Enabled           If set to one, more secure password hashes
-                        are used when the server supports them and
-                        when kerberos is not negotiated (default 0)
 traceSMB                If set to one, debug information is logged to the
                        system error log with the start of smb requests
                        and responses (default 0)

diff --git a/fs/cifs/README b/fs/cifs/README index 0355003f4f0a..a68f8e3db2d2 100644 --- a/fs/cifs/README +++ b/fs/cifs/README
@@ -485,14 +485,34 @@ PacketSigningEnabled If set to one, cifs packet signing is enabled
485	it. If set to two, cifs packet signing is	485	it. If set to two, cifs packet signing is
486	required even if the server considers packet	486	required even if the server considers packet
487	signing optional. (default 1)	487	signing optional. (default 1)
		488	SecurityFlags Flags which control security negotiation and
		489	also packet signing. Authentication (may/must)
		490	flags (e.g. for NTLM and/or NTLMv2) may be combined with
		491	the signing flags. Specifying two different password
		492	hashing mechanisms (as "must use") on the other hand
		493	does not make much sense. Default flags are
		494	0x07007
		495	(NTLM, NTLMv2 and packet signing allowed). Maximum
		496	allowable flags if you want to allow mounts to servers
		497	using weaker password hashes is 0x37037 (lanman,
		498	plaintext, ntlm, ntlmv2, signing allowed):
		499
		500	may use packet signing 0x00001
		501	must use packet signing 0x01001
		502	may use NTLM (most common password hash) 0x00002
		503	must use NTLM 0x02002
		504	may use NTLMv2 0x00004
		505	must use NTLMv2 0x04004
		506	may use Kerberos security (not implemented yet) 0x00008
		507	must use Kerberos (not implemented yet) 0x08008
		508	may use lanman (weak) password hash 0x00010
		509	must use lanman password hash 0x10010
		510	may use plaintext passwords 0x00020
		511	must use plaintext passwords 0x20020
		512	(reserved for future packet encryption) 0x00040
		513
488	cifsFYI If set to one, additional debug information is	514	cifsFYI If set to one, additional debug information is
489	logged to the system error log. (default 0)	515	logged to the system error log. (default 0)
490	ExtendedSecurity If set to one, SPNEGO session establishment
491	is allowed which enables more advanced
492	secure CIFS session establishment (default 0)
493	NTLMV2Enabled If set to one, more secure password hashes
494	are used when the server supports them and
495	when kerberos is not negotiated (default 0)
496	traceSMB If set to one, debug information is logged to the	516	traceSMB If set to one, debug information is logged to the
497	system error log with the start of smb requests	517	system error log with the start of smb requests
498	and responses (default 0)	518	and responses (default 0)