password API needed
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue May 12 19:46:52 GMT 1998
On Tue, 12 May 1998, Jean-Francois Micouleau wrote:
> > then we will need to put the 16 byte hashes in, not the plain-text
> > password. this is because the plain-text password, in the above
> > scenarios, will not be available.
>
> You have to make the distinction between users and trusts accounts.
why? not in my book you don't, and not in an NT SAM you don't. trust
accounts _are_ SAM users, but just with a different ACB_xxxx value.
> If
> people go for ldap, it's because they probably want to have a single
> database to store password.
yep.
> > so, if i add "ntPwdHash" and "lmPwdHash" to the ldap schema, you know why
> > :-)
>
> I don't like it, I prefer to follow RFC2037.
wossat, then? what's that say (in a nutshell)
> {lmHash} and {ntHash} are not define in the RFC, it's something I just
> invented.
>
> crypted password are better defined in ldap v3, but Umich slapd server is
> ldap v2 only.
damn.
then we will have to invent / use what microsoft does, which is to
obfuscate with a long-term session key.
More information about the samba-technical
mailing list