SYSKEY2. Request For Comments
jeremy at valinux.com
jeremy at valinux.com
Fri Feb 4 18:32:00 GMT 2000
>
> i need to make the sam database read-accessible to all unix users. just
> like /etc/passwd.
>
> therefore, i need to encrypt the passwords [or as elrond suggested, keep
> them in a separate database that is root-only accessible] with a root-only
> accessible syskey.
No, you don't want to give even encrypted access to the hash
values to ordinary users.
And if you keep the hashaes seperately in a root accessible
only file (like the current smbpasswd file), then you don't
need to encrypt the file - just as we don't encrypt the root
read only smbpasswd right now.
It's a waste of time and effort. Don't do it !
SYSKEY is just a pathetic attempt to add obscurity
to a system unless the root key is kep t separately
off the machine on a floppy - that's the only reason
it would add *any* security.
Jeremy.
More information about the samba-ntdom
mailing list