Odp: AW: win2000 + unix

Rafał Szcześniak rszczesniak at mis.com.pl
Thu Sep 28 15:53:38 GMT 2000

Steve Langasek <vorlon at netexpress.net>
00-09-28 17:44

        Do:     Rafał Szcześniak <rszczesniak at mis.com.pl>
        DW:     Robert Wieczorek <Robert.Wieczorek at Telelogic.de>, 
samba-ntdom at us4.samba.org
        Temat:  Re: Odp: AW: win2000 + unix

On Thu, 28 Sep 2000, [iso-8859-2] Rafa³ Szcze¶niak wrote:

> Why don't you use encrypted passwords ???
> It's much, much safer.

This is misleading.  Using encrypted passwords is much safer *from network
eavesdropping*.  But like CHAP (one of Microsoft's other favorite 
it requires storing plaintext passwords (or their equivalent) on the 

Can you explain me then, where Samba stores plaintext passwords, when uses
encrypted passwords on the wire ?


making the server a much more valuable target for a cracker.  If you offer
other services that use plaintext password exchange, then storing
plaintext-equivalent passwords on the server could weaken security rather
than strengthening it.

Steve Langasek
postmodern programmer

More information about the samba-ntdom mailing list