Luke Kenneth Casson Leighton
lkcl at switchboard.net
Tue Jun 2 13:08:02 GMT 1998
yes you can ignore the LM hash: at the minimum you must support the NT
i recommend that you follow the "password API needed" and associated
as we are developing a password API. i recommend that you contact danny
breiss, as he is developing a prototype of the clear-text password API;
the encrypted password API already exists and is in passdb.c
small note, big hint: the passdb.c API should have _nothing_ to do with
the UNIX getpwnam() call or its entries. the minimum information that
must be stored is:
- NT 16 byte hash
- 16 bit ACB account type.
please contact me either privately or preferably via
samba-technical at samba.anu.edu.au if you need any assistance: we are
actively seeking to support as many password database systems as possible.
On Tue, 2 Jun 1998, NoRM wrote:
> I'm looking at porting the NT Domain samba to our rather specific
> environment. We have a centralised user database, much like Kerberos, and
> I have in the past ported Samba to use our system, rather than the
> standard shadow passwd file without problems.
> Now, with the advent of encrypted passwords, we have a problem. We've
> decided to try and augment our central database with a second passwd
> field, to store the hashed passwords as used by NT (in my test system, I
> simply system() call smbpasswd from the password changer).
> However, when looking at it in more depth, there are two entries in the
> smbpasswd file...
> Can I ask under which circumstances each is used? I.E. can I get away
> with ignoring one of the two algorithms?
> Norman R. McBride http://www.city.ac.uk/~norm/
> Computing Services, City University, England norm at city.ac.uk (MIME)
> "...the extreme case best illustrates the norm..." Stephen King
More information about the samba-ntdom