Odp: AW: win2000 + unix
Eric Pilger
pilger at kahana.higp.hawaii.edu
Thu Sep 28 18:44:21 GMT 2000
Rafa³ Szcze¶niak wrote:
> Steve Langasek <vorlon at netexpress.net>
> 00-09-28 17:44
>
>
> Do: Rafaù Szczeúniak <rszczesniak at mis.com.pl>
> DW: Robert Wieczorek <Robert.Wieczorek at Telelogic.de>,
> samba-ntdom at us4.samba.org
> Temat: Re: Odp: AW: win2000 + unix
>
> On Thu, 28 Sep 2000, [iso-8859-2] Rafa³ Szcze¶niak wrote:
>
> > Why don't you use encrypted passwords ???
> > It's much, much safer.
>
> This is misleading. Using encrypted passwords is much safer *from network
> eavesdropping*. But like CHAP (one of Microsoft's other favorite
> protocols),
> it requires storing plaintext passwords (or their equivalent) on the
> server,
>
> Can you explain me then, where Samba stores plaintext passwords, when uses
> encrypted passwords on the wire ?
>
> Rafaù
>
Plaintext passwords are not stored on the server. The passwords in smbpasswd
are encrypted. You can't mix and match methods because the encryption is
different from UNIX. Since there are no plain text passwords, you can't get
from one to the other.
I think I heard the complaint once that these encrypted passwords are as
good(bad) as real passwords because they can be used just as they are. Unlike
UNIX, which requires the plain text password, and then encrypts it, this
mechanism requires the encrypted password, and then just uses it. Therefore,
you really want to keep that smbpasswd file private. Am I getting this right?
--
Eric J. Pilger
Systems Administrator
Hawaii Institute of Geophysics and Planetology/SOEST
pilger at pgd.hawaii.edu
(808)956-6321
More information about the samba-ntdom
mailing list