Extracting passwords from users.

Michel michel at nijenrode.nl
Thu Feb 26 09:53:40 GMT 1998 

Actually I'm working on synchronization/usercreation tools that work along
side with samba; main goal is to get something to work that will fit my needs
until samba pdc-ing is more completed, and I expect it to be finished
by the weekend (first crude-but-workable-version).
It consists of a small daemon running on NT-server(s), capable of handling
account-creation and password changing. Then a client for this
on the unix machine that adds/changes passwords of the NT accounts,
Unix accounts and samba accounts all in one go, as well as a daemon version
of this that accepts such requests from win95 workstations. For win95
a small password changing program (that connects to samba server to
change the password, which then in turns forwards the request to the NT
server(s)). It's not beautiful, not standard and involves a lot of
plain passwords but the parts that I have now work really well and fit my 
needs.
At least till the same functionality is in samba.

If others find this package interesting drop me a note; if I get lots of
request I'll announce the finishing of the tools.

Michel.


-- 
 Michel van der Laan	-	michel at nijenrode.nl
				http://www.nijenrode.nl/~michel
In your mail from 26-2-1998 you write:
> > I was just throwing something out there.  I didn't say it was
> > necessarily *GOOD*.  ;)
> 
> Tim,
> 
> Doesn't have to be good. So long as it works. The only thing I would have
> to say about it is that it could look somewhat unprofessional. For example
> someone's released an authentication package for NT that authenticates by
> logging onto an FTP server on UNIX. Fair enough, it works... but it's not
> really the sort of thing that would be widely accepted.
> 
> We should probably choose one method to distribute and then have a list of
> suggestions (ie popd, login, setting users' shells to /bin/passwd).
> 
> Regards,
> 
> Sam.
> 
> > 
> > On Thu, 26 Feb 1998, Samuel James Johnston wrote:
> > 
> > > Tim,
> > > 
> > > Certainly this would work, but it's probably not going to be acceptable
> > > for a lot of sites. Maybe we could come up with a solution like the one
> > > Paul sent yesterday, and then give a list of alternatives for those who
> > > want to do it another way (hack login, popd, etc.)
> > > 
> > > Sam.
> > > 
> > > On Wed, 25 Feb 1998, Tim Winders wrote:
> > > 
> > > > On Wed, 25 Feb 1998, Samuel James Johnston wrote:
> > > > 
> > > > <snip>
> > > > > not get to see the cleartext password. In the land of UNIX, the only 
>two
> > > > > processes which handle the cleartext password regularly are login and
> > > > > /bin/passwd.
> > > > 
> > > > What about POP/IMAP daemons?  This wouldn't be universal of course, but
> on
> > > > MY system, I don't have too many "interactive" logins (telnet, etc).
> > > > Most/all of my users have Unix accounts which are used primarily for ma
>il
> > > > (POP/IMAP) and some file storage (SAMBA).
> > > > 
> > > > Could this be used in any way to "get" the cleartext password?
> > > > 
> > > > ---------------------------------------------------------------------
> > > > |  Tim Winders, CNE              |  Email:  twinders at SPC.cc.tx.us   |
> > > > |  Network Administrator         |  Phone:  806-894-9611 x 2369     |
> > > > |  South Plains College          |  Fax:    806-897-4711            |
> > > > ---------------------------------------------------------------------
> > > > 
> > > > 
> > > > 
> > > 
> > 
> > ---------------------------------------------------------------------
> > |  Tim Winders, CNE              |  Email:  twinders at SPC.cc.tx.us   |
> > |  Network Administrator         |  Phone:  806-894-9611 x 2369     |
> > |  South Plains College          |  Fax:    806-897-4711            |
> > ---------------------------------------------------------------------
> > 
> > 
> >

More information about the samba-ntdom mailing list