aboutsummaryrefslogtreecommitdiffstats
path: root/fs/cifs/README
diff options
context:
space:
mode:
Diffstat (limited to 'fs/cifs/README')
-rw-r--r--fs/cifs/README32
1 files changed, 26 insertions, 6 deletions
diff --git a/fs/cifs/README b/fs/cifs/README
index 0355003f4f0a..a68f8e3db2d2 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -485,14 +485,34 @@ PacketSigningEnabled If set to one, cifs packet signing is enabled
485 it. If set to two, cifs packet signing is 485 it. If set to two, cifs packet signing is
486 required even if the server considers packet 486 required even if the server considers packet
487 signing optional. (default 1) 487 signing optional. (default 1)
488SecurityFlags Flags which control security negotiation and
489 also packet signing. Authentication (may/must)
490 flags (e.g. for NTLM and/or NTLMv2) may be combined with
491 the signing flags. Specifying two different password
492 hashing mechanisms (as "must use") on the other hand
493 does not make much sense. Default flags are
494 0x07007
495 (NTLM, NTLMv2 and packet signing allowed). Maximum
496 allowable flags if you want to allow mounts to servers
497 using weaker password hashes is 0x37037 (lanman,
498 plaintext, ntlm, ntlmv2, signing allowed):
499
500 may use packet signing 0x00001
501 must use packet signing 0x01001
502 may use NTLM (most common password hash) 0x00002
503 must use NTLM 0x02002
504 may use NTLMv2 0x00004
505 must use NTLMv2 0x04004
506 may use Kerberos security (not implemented yet) 0x00008
507 must use Kerberos (not implemented yet) 0x08008
508 may use lanman (weak) password hash 0x00010
509 must use lanman password hash 0x10010
510 may use plaintext passwords 0x00020
511 must use plaintext passwords 0x20020
512 (reserved for future packet encryption) 0x00040
513
488cifsFYI If set to one, additional debug information is 514cifsFYI If set to one, additional debug information is
489 logged to the system error log. (default 0) 515 logged to the system error log. (default 0)
490ExtendedSecurity If set to one, SPNEGO session establishment
491 is allowed which enables more advanced
492 secure CIFS session establishment (default 0)
493NTLMV2Enabled If set to one, more secure password hashes
494 are used when the server supports them and
495 when kerberos is not negotiated (default 0)
496traceSMB If set to one, debug information is logged to the 516traceSMB If set to one, debug information is logged to the
497 system error log with the start of smb requests 517 system error log with the start of smb requests
498 and responses (default 0) 518 and responses (default 0)