Passwd change security (was CVS update: samba/source)

David Collier-Brown davecb at Canada.Sun.COM
Fri Mar 20 20:19:24 GMT 1998

Jeremy Allison wrote:
> You misunderstood me. The only way a normal user
> can send a password change request using the new
> client/server protocol is if they entered the
> old password correctly as well (otherwise the
> new password won't decrypt properly at the
> server and, as the hash of the new password
> is used to decrypt the hash of the old password,
> which is also sent and checked then the old
> password has to be correct, if you get my
> meaning).

	Good, that was what I hoped was ocurring.
	I was mildly unsure that MS was really
	doing it right (;-))

David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | davecb at,
M2N 1Y3. 416-223-8968 |

More information about the samba-technical mailing list