From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 4 Sep 2019 23:19:10 +0000 (+1200)
Subject: docs: Deprecate "encrypt passwords = no"
X-Git-Tag: talloc-2.3.1~988
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d0d99a4d78ba408bb45e2d693049025e60e277a;p=thirdparty%2Fsamba.git

docs: Deprecate "encrypt passwords = no"

This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our rules
for parameter deprecation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
---

diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml
index 4bd97809d86..4fdfa898501 100644
--- a/docs-xml/smbdotconf/security/encryptpasswords.xml
+++ b/docs-xml/smbdotconf/security/encryptpasswords.xml
@@ -1,8 +1,16 @@
 <samba:parameter name="encrypt passwords"
                  context="G"
                  type="boolean"
+                 deprecated="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
+    <para>This parameter has been deprecated since Samba 4.11 and
+    support for plaintext (as distinct from NTLM, NTLMv2
+    or Kerberos authentication)
+    will be removed in a future Samba release.</para>
+    <para>That is, in the future, the current default of
+    <command>encrypt passwords = yes</command>
+    will be the enforced behaviour.</para>
     <para>This boolean controls whether encrypted passwords 
     will be negotiated with the client. Note that Windows NT 4.0 SP3 and 
     above and also Windows 98 will by default expect encrypted passwords