ldap lpPassword and ntPassword fields
s2232203 at cse.unsw.edu.au
Tue Dec 15 18:30:19 GMT 1998
Luke Kenneth Casson Leighton wrote:
> these fields are clear-text equivalent, and are a) in clear-text in the
> ldap database
This can be fixed by putting acl's on those attributes.
> b) transmitted over-the-wire in the clear.
This one is rather harder. I seem to remember that with Windows one
sometimes sees pure lm hashes sent over-the-wire as well (?).
As Allen Reese suggested I will have a look at RFC2222 (Simple
Authentication and Security Layer) as a possible means of doing
challenge/response stuff instead.
More information about the samba-technical