Extracting passwords from users.

Samuel James Johnston samj at cse.unsw.EDU.AU
Thu Feb 26 01:50:20 GMT 1998


> I was just throwing something out there.  I didn't say it was
> necessarily *GOOD*.  ;)

Tim,

Doesn't have to be good. So long as it works. The only thing I would have
to say about it is that it could look somewhat unprofessional. For example
someone's released an authentication package for NT that authenticates by
logging onto an FTP server on UNIX. Fair enough, it works... but it's not
really the sort of thing that would be widely accepted.

We should probably choose one method to distribute and then have a list of
suggestions (ie popd, login, setting users' shells to /bin/passwd).

Regards,

Sam.

> 
> On Thu, 26 Feb 1998, Samuel James Johnston wrote:
> 
> > Tim,
> > 
> > Certainly this would work, but it's probably not going to be acceptable
> > for a lot of sites. Maybe we could come up with a solution like the one
> > Paul sent yesterday, and then give a list of alternatives for those who
> > want to do it another way (hack login, popd, etc.)
> > 
> > Sam.
> > 
> > On Wed, 25 Feb 1998, Tim Winders wrote:
> > 
> > > On Wed, 25 Feb 1998, Samuel James Johnston wrote:
> > > 
> > > <snip>
> > > > not get to see the cleartext password. In the land of UNIX, the only two
> > > > processes which handle the cleartext password regularly are login and
> > > > /bin/passwd.
> > > 
> > > What about POP/IMAP daemons?  This wouldn't be universal of course, but on
> > > MY system, I don't have too many "interactive" logins (telnet, etc).
> > > Most/all of my users have Unix accounts which are used primarily for mail
> > > (POP/IMAP) and some file storage (SAMBA).
> > > 
> > > Could this be used in any way to "get" the cleartext password?
> > > 
> > > ---------------------------------------------------------------------
> > > |  Tim Winders, CNE              |  Email:  twinders at SPC.cc.tx.us   |
> > > |  Network Administrator         |  Phone:  806-894-9611 x 2369     |
> > > |  South Plains College          |  Fax:    806-897-4711            |
> > > ---------------------------------------------------------------------
> > > 
> > > 
> > > 
> > 
> 
> ---------------------------------------------------------------------
> |  Tim Winders, CNE              |  Email:  twinders at SPC.cc.tx.us   |
> |  Network Administrator         |  Phone:  806-894-9611 x 2369     |
> |  South Plains College          |  Fax:    806-897-4711            |
> ---------------------------------------------------------------------
> 
> 
> 



More information about the samba-ntdom mailing list