Must a Samba PDC use encrypted passwords?
Bernie Kirby
bernie at ecr.mu.oz.au
Sun Jun 7 04:54:32 GMT 1998
G'day,
> > Hi all. I'm a little new to Samba- only been running it for a few months
> > mostly for people to get into their Solaris 2.5 home dirs. It's working
> > great for that- thanks to you all!
> >
My sentiments exactly. Samba is the best thing since sliced bread.
I don't know enough about NT to really comment, but...
> a new option has been added: "update encrypted". run with this for a
> week; then move over to "encrypt passwords".
If this option actually encrypts the passords on the fly, then
would it not then be possible to first encrypt it unix-style, then
check it against a normal unix passwd file, and then if that checks out,
second, encrypt it NT style, and then use that version to do all the 'NT'
related things that are required?
Assumption: Needs clear text passwords enabled on the NT machines.
(We don't care about Clear text passords flying around our network).
Thus, one could invisibly have NT passwords that are actually
generated on the fly after being verified in normal unix style? ... enabling
one to still keep a single unix password file?
It's just a thought, as we have a 'central' password system here,
and I'm going to have to modify it to also updates the nt passwords when
a user changes their usual unix password, not to mention initially
generating these passwords for thousands of existing users, for which
I envisage having them running an smbpasswd like command that will
add an NT password to our cenrtal database. The update encrypted option
may be an alternative, but I can see it begining to diverge from the
unix passwords after a while.
Anyway, keep up the good work people!
Bernie.
More information about the samba-ntdom
mailing list