Password dilemmas.

Andrew Perrin - Demography aperrin at demog.Berkeley.EDU
Wed Feb 25 01:50:43 GMT 1998

I am very clearly *not* a programmer, nor a security expert.  But just as
a thought to this thread: what about expanding on the existing "shadow"
scheme used in Solaris (and I assume elsewhere) to separate passwords and
the rest of /etc/passwd?  Currently on shadowed systems, unix-hashed
passwords are stored in /etc/shadow, which has a simple 1-to-1
relationship to /etc/passwd.  What if one were to produce /etc/smbshadow
as well, which could contain unix-hashed copies of lanman-hashed SMB
passwords?  Then, modify smbpasswd (the program) to be an appropriate
substitute for passwd (the program), so it would change both locations as
necessary.  Indeed, a very useful version of this might allow root to
specify the relationship between the two (i.e., the two must be identical,
the two must not be identical, etc.).  This might satisfy most or all of
the conditions folks have posted, and add to sysadmins' flexibility in
deciding how to roll out solutions.

Andrew J. Perrin - aperrin at - NT/Unix Admin/Support
Department of Demography    -    University of California at Berkeley
2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA ----------------------------------

More information about the samba-ntdom mailing list