Re: [Clonezilla-live] NTLM, Kerberos, and Microsoft

Fri, 19 Apr 2024 20:09:06 -0700 

Hi James,
Thanks for your feedback. Actually we are not familiar with MS Windows.
Do you know any GNU/Linux docs that address the issue you mentioned? It would be great if the samba doc is specially for Debian or Ubuntu. 

Regards,
Steven

On 2024/4/7 22:18, James Epp wrote:

Thought I'd throw this thought into the wild for anyone to pick up and
run with. This doesn't directly affect me.

In Clonezilla today (3.1.2-9) when setting up a connection to a SMB
share for device-image mode, it prompts for a security mode (auto vs
ntlm).

What auto actually does under the hood is a bit unclear. At least in
Microsoft land (and I'm not a good person to speak on Windows auth
internals), you have three authentication methods - Negotiate,
Kerberos, and NTLM. NTLM is then broken down into NTLM2 and NTLM1
(hopefully no  one is using NTLM1 these days). Negotiate tries Kerberos
first and fallsback to NTLM2 if Kerberos fails.

Microsoft recently made announcements that they're going to try to
phase out NTLM entirely from Windows. This could impact Clonezilla
users who use Microsoft SMB shares. At some point in the future - by
default - Kerberos may be the only method for authentication, and it's
not clear if Clonezilla supports Kerberos for authentication today.

Obviously this can turn into a rabbit hole quickly - new firewall
requirements, time becomes significantly more important, etc etc.

I'm not familiar at all with MIT KRB5 on GNU/Linux distros so as
mentioned before, I am just throwing this out there for someone who's
smarter than I to consider.


_______________________________________________
Clonezilla-live mailing list
Clonezilla-live@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clonezilla-live


--
Steven Shiau <steven _at_ stevenshiau org>
Public Key Server PGP Key ID: 4096R/163E3FB0
Fingerprint: EB1D D5BF 6F88 820B BCF5  356C 8E94 C9CD 163E 3FB0



_______________________________________________
Clonezilla-live mailing list
Clonezilla-live@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/clonezilla-live






















					Reply via email to