diff options
Diffstat (limited to 'fs/cifs/README')
-rw-r--r-- | fs/cifs/README | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/fs/cifs/README b/fs/cifs/README index 0355003f4f0a..a68f8e3db2d2 100644 --- a/fs/cifs/README +++ b/fs/cifs/README | |||
@@ -485,14 +485,34 @@ PacketSigningEnabled If set to one, cifs packet signing is enabled | |||
485 | it. If set to two, cifs packet signing is | 485 | it. If set to two, cifs packet signing is |
486 | required even if the server considers packet | 486 | required even if the server considers packet |
487 | signing optional. (default 1) | 487 | signing optional. (default 1) |
488 | SecurityFlags Flags which control security negotiation and | ||
489 | also packet signing. Authentication (may/must) | ||
490 | flags (e.g. for NTLM and/or NTLMv2) may be combined with | ||
491 | the signing flags. Specifying two different password | ||
492 | hashing mechanisms (as "must use") on the other hand | ||
493 | does not make much sense. Default flags are | ||
494 | 0x07007 | ||
495 | (NTLM, NTLMv2 and packet signing allowed). Maximum | ||
496 | allowable flags if you want to allow mounts to servers | ||
497 | using weaker password hashes is 0x37037 (lanman, | ||
498 | plaintext, ntlm, ntlmv2, signing allowed): | ||
499 | |||
500 | may use packet signing 0x00001 | ||
501 | must use packet signing 0x01001 | ||
502 | may use NTLM (most common password hash) 0x00002 | ||
503 | must use NTLM 0x02002 | ||
504 | may use NTLMv2 0x00004 | ||
505 | must use NTLMv2 0x04004 | ||
506 | may use Kerberos security (not implemented yet) 0x00008 | ||
507 | must use Kerberos (not implemented yet) 0x08008 | ||
508 | may use lanman (weak) password hash 0x00010 | ||
509 | must use lanman password hash 0x10010 | ||
510 | may use plaintext passwords 0x00020 | ||
511 | must use plaintext passwords 0x20020 | ||
512 | (reserved for future packet encryption) 0x00040 | ||
513 | |||
488 | cifsFYI If set to one, additional debug information is | 514 | cifsFYI If set to one, additional debug information is |
489 | logged to the system error log. (default 0) | 515 | logged to the system error log. (default 0) |
490 | ExtendedSecurity If set to one, SPNEGO session establishment | ||
491 | is allowed which enables more advanced | ||
492 | secure CIFS session establishment (default 0) | ||
493 | NTLMV2Enabled If set to one, more secure password hashes | ||
494 | are used when the server supports them and | ||
495 | when kerberos is not negotiated (default 0) | ||
496 | traceSMB If set to one, debug information is logged to the | 516 | traceSMB If set to one, debug information is logged to the |
497 | system error log with the start of smb requests | 517 | system error log with the start of smb requests |
498 | and responses (default 0) | 518 | and responses (default 0) |