Change the rules for mschap auth to allow aux/cifs to interoperate
with aquarela (also needs an unrelated patch to aquarela).
It is valid to send the same response in both the LM and NTLM
fields provided one of them is correct, if neither matches,
or the two fields are different and either fails to match,
the whole sha-bang fails.
This is an improvment in security as it allows clients who
wish to do ntlm auth (which is insecure) not to send
lm tokens (which is very insecure).
Windows servers supports clients doing this also though
windows clients don't seem to use the feature.
-Steve
|