Passwd change security (was CVS update: samba/source)
David Collier-Brown
davecb at Canada.Sun.COM
Fri Mar 20 20:19:24 GMT 1998
Jeremy Allison wrote:
> You misunderstood me. The only way a normal user
> can send a password change request using the new
> client/server protocol is if they entered the
> old password correctly as well (otherwise the
> new password won't decrypt properly at the
> server and, as the hash of the new password
> is used to decrypt the hash of the old password,
> which is also sent and checked then the old
> password has to be correct, if you get my
> meaning).
Good, that was what I hoped was occurring.
I was mildly unsure that MS was really
doing it right (;-))
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | davecb at hobbes.ss.org, canada.sun.com
M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb