ldap lpPassword and ntPassword fields

Jeremy Allison jallison at cthulhu.engr.sgi.com
Tue Dec 15 19:49:38 GMT 1998

Luke Kenneth Casson Leighton wrote:
> ok, we may be able to make some modifications to pwdb_get_hex_pwd() and
> set_hex_pwd() to encrypt the password string with some privately stored
> information, e.g. syskey like nt does.

What would be the point of that ? I never understood your
obsession with re-implementing NT :-). The password still
has to go over the wire in plaintext for ldap v2 so why
bother obfuscating it. And how is the information in syskey
private. It's just hidden somewhere else - security through

The syskey design in NT is just plain broken, as by default
it just adds another obfuscation layer. The off-disk syskey
storage *is* of value but you're surely not suggesting that
for Samba ? And let's be honest. Hands up all the people who
actually *use* the off disk syskey feature with an NT server.
Remember you have to have that disk available whenever you


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list