UNIX PASSWD SYNC/changing password on NT workstation
Stephen Waters
swaters at amicus.com
Fri Aug 20 16:49:11 GMT 1999
Matt Chapman wrote:
>
> Stephen Waters wrote:
> >
> > > > But remember, if you're using YP and changing passwords
> > > > on a machien that isn't the YP master, then unix password
> > > > sync isn't going to work, as the YP password change program
> > > > needs the old password plaintext, which is not available
> > > > for encrypted Windows password changing.
> >
> > i think this is the most pertinent response so far. from what i can tell
> > from reading the docs, unix passwd sync cannot work unless you have all
> > of your workstations' registries set to pass plaintext passwds rather
> > than encrypted ones because, as jeremy notes above, "the password
> > plaintext... is not available for encrypted Windows password changing."
>
> No. Jeremy says, rightly, that the "old password plaintext" is not
> available. The "new password plaintext" *is* available regardless of
> encryption.
>
> Thus the point made is that "unix passwd sync" will only work with
> encrypted passwords when the unix passwd program does not require the
> old password. This is normally the case for local password databases,
> but for YP this is only possible on the YP master itself.
example situation: you're on a Windows NT workstation and you change
your password. does it send the changed password as plaintext over the
wire the first time, and is it encrypted from then on?
sorry, i'm just trying to understand how this mechanism works..
thanks,
stephen
More information about the samba-ntdom
mailing list