API password.c

Luke Kenneth Casson Leighton lkcl at switchboard.net
Wed May 27 14:55:08 GMT 1998

On Wed, 27 May 1998, Danny Braniss wrote:

> im in the middle of 'surgery', and the Upper/Lower case password stuff has
> me worried, can it be dropped, or else somehow configurable?

you are talking about clear-text passwords (password.c), with all its
security problems and other inherent problems (like you can't do domain
logons;  clear-text passwords are _not_ stored in win-client share-caches
like *.PWL on win-95-clients; you have to EnablePlainTextPassword in the
registry for SP3).

the upper/lower case password "cracking" is necessary, and is compile-time
configured quite deliberately.  it cannot be dropped, as when you use
clear-text passwords, the win-clients stupidly _upper-case_ them. 
therefore a cracking algorithm must be applied to guess the combination of
possible upper/lower case letters.

yes, someone needs to do a "password api" for password.c, however
personally i am more concerned with the "password api" for NT/LM hashes,
in passdb.c.

jeremy, danny, can i ask you possibly to keep in touch on this one?

ta!  luke

More information about the samba-technical mailing list