ldap lpPassword and ntPassword fields

Matthew Chapman s2232203 at cse.unsw.edu.au
Tue Dec 15 18:30:19 GMT 1998


Luke Kenneth Casson Leighton wrote:

> these fields are clear-text equivalent, and are a) in clear-text in the
> ldap database

This can be fixed by putting ACLs on those attributes.

> b) transmitted over-the-wire in the clear.

This one is rather harder. I seem to remember that with Windows one 
sometimes sees pure LM hashes sent over-the-wire as well (?).

As Allen Reese suggested I will have a look at RFC2222 (Simple
Authentication and Security Layer) as a possible means of doing
challenge/response stuff instead.

	Matt

