Re: [Clonezilla-live] NTLM, Kerberos, and Microsoft
A partition and disk imaging/cloning program
Brought to you by:
steven_shiau
Menu
▾
▴
Re: [Clonezilla-live] NTLM, Kerberos, and Microsoft
|
From: Steven S. <st...@na...> - 2024-04-21 02:05:14
|
OK, we will find some time to understand that. Thanks. Steven On 2024/4/21 03:28, James Epp wrote: > I don't have any details to add unfortunately. I'd assume following the > Samba "upstream" project and developments (if any) on this topic is the > best place for the Clonezilla maintainers/volunteers to focus on if > there's any interest. > > On Fri, Apr 19, 2024 at 10:09 PM Steven Shiau <st...@na...> > wrote: > > Hi James, > Thanks for your feedback. Actually we are not familiar with MS > Windows. > Do you know any GNU/Linux docs that address the issue you > mentioned? It > would be great if the samba doc is specially for Debian or Ubuntu. > > Regards, > Steven > > On 2024/4/7 22:18, James Epp wrote: > > Thought I'd throw this thought into the wild for anyone to pick > up and > > run with. This doesn't directly affect me. > > > > In Clonezilla today (3.1.2-9) when setting up a connection to a SMB > > share for device-image mode, it prompts for a security mode (auto vs > > ntlm). > > > > What auto actually does under the hood is a bit unclear. At least in > > Microsoft land (and I'm not a good person to speak on Windows auth > > internals), you have three authentication methods - Negotiate, > > Kerberos, and NTLM. NTLM is then broken down into NTLM2 and NTLM1 > > (hopefully no one is using NTLM1 these days). Negotiate tries > Kerberos > > first and fallsback to NTLM2 if Kerberos fails. > > > > Microsoft recently made announcements that they're going to try to > > phase out NTLM entirely from Windows. This could impact Clonezilla > > users who use Microsoft SMB shares. At some point in the future - by > > default - Kerberos may be the only method for authentication, > and it's > > not clear if Clonezilla supports Kerberos for authentication today. > > > > Obviously this can turn into a rabbit hole quickly - new firewall > > requirements, time becomes significantly more important, etc etc. > > > > I'm not familiar at all with MIT KRB5 on GNU/Linux distros so as > > mentioned before, I am just throwing this out there for someone > who's > > smarter than I to consider. > > > > > > _______________________________________________ > > Clonezilla-live mailing list > > Clo...@li... > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > > -- > Steven Shiau <steven _at_ stevenshiau org> > Public Key Server PGP Key ID: 4096R/163E3FB0 > Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 > > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
