API password.c
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed May 27 14:55:08 GMT 1998
On Wed, 27 May 1998, Danny Braniss wrote:
>
> im in the middle of 'surgery', and the Upper/Lower case password stuff has
> me worried, can it be dropped, or else somehow configurable?
you are talking about clear-text passwords (password.c), with all its
security problems and other inherent problems (like you can't do domain
logons; clear-text passwords are _not_ stored in win-client share-caches
like *.PWL on win-95-clients; you have to EnablePlainTextPassword in the
registry for SP3).
the upper/lower case password "cracking" is necessary, and is compile-time
configured quite deliberately. it cannot be dropped, as when you use
clear-text passwords, the win-clients stupidly _upper-case_ them.
therefore a cracking algorithm must be applied to guess the combination of
possible upper/lower case letters.
yes, someone needs to do a "password api" for password.c, however
personally i am more concerned with the "password api" for NT/LM hashes,
in passdb.c.
jeremy, danny, can i ask you possibly to keep in touch on this one?
ta! luke
More information about the samba-technical
mailing list