[Pkg-samba-maint] "lanman auth = no" by default?

[Steve Langasek]

For hardy, Ubuntu has a spec that stipulates we should be able to do
out-of-the-box filesharing to Windows/Mac/Linux clients:

  https://wiki.ubuntu.com/EasyFileSharing

As you can see, Samba is the easy winner since CIFS is the one protocol
supported out-of-the-box on all recent Windows and MacOS releases for local
network browsing of shared resources.

Part of this has already been addressed with the addition of the "net
usershare" patch in 3.0.27-1, but another element of this is described in
<https://bugs.launchpad.net/ubuntu/+source/samba/+bug/163194>: to support
transparent filesharing we need to have encrypted passwords enabled out of
the box, but we don't want to store insecure lanman hashes on disk.

So the plan is to set "lanman auth = no" by default (by patching the source
again), which will break Win9x clients unless the admin changes this
setting.  Do you have an opinion about this?  Since the last Win9x release
was WinME which was a steaming pile that users quickly migrated away from, I
think Win9x now represents a reasonably small fraction of workstations and
therefore it's reasonable to make this change for both Debian and Ubuntu.
Does anyone here feel otherwise?

Since this is a behavior change, I'm assuming that we would again want to
document it in NEWS.Debian.

And BTW, the default value for "lanman auth" has already been changed
upstream in 3.2, along with "client lanman auth = No" and "client plaintext
auth = No" which we should also consider; but I don't think we should wait
for 3.2 release before getting some experience with this on the ground.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/