HP CIFS Client A.02.02 Administrator's Guide

CIFS Security and Authentication

Introduction

Chapter 344

Server-Speciﬁc conﬁguration section below. These parameters are used

to select which mechanisms are used by the CIFS Client to authenticate

users to CIFS servers.

Legal entries for the authenticationMethod parameter are ntlm or

kerberos.The default value of this parameter is ntlm. If you wish to

use Kerberos, the conﬁguration setting is:

authenticationMethod = kerberos;

In this case, the CIFS Client requests the use of Kerberos when

negotiating an initial connection with the CIFS Server. If the server’s

response is afﬁrmative, only Kerberos is used for authenticating users to

this server; otherwise NTLM is used. If the NTLM protocol is used, the

CIFS Client determines which NTLM version to use based on the

ntlmEncryptionVersion conﬁguration.

If you attempt to use the traditional Windows NT LAN Manager (NTLM)

protocol, set the authenticationMethod parameter to ntlm. In this

case, the CIFS Client determines which NTLM version to use based on

the ntlmEncryptionVersion conﬁguration.

Valid entries for the ntlmEncryptionVersion parameter are ntlm or

ntlmv2. For CIFS servers with which Kerberos is not used, if you want to

use only NTLMv2 password encryption, set the

ntlmEncryptionVersion parameter to ntlmv2. Otherwise, if you want

to use only NTLM password encryption, set this parameter to ntlm. By

default, the ntlmEncryptionVersion parameter is set to ntlm.

Server-Speciﬁc Conﬁguration

The CIFS Client provides a method for over-riding global settings on a

server-speciﬁc basis. For example, if you set ntlmEncryptionVersion

globally to NTLM, but you want to ensure that server buildsys uses only

NTLMv2, you can create the following section (within the enclosing “cifs”

section, see also the example at the end of the CIFS Client conﬁguration

ﬁle):

buildsys = {

ntlmEncryptionVersion = ntlmv2;

};