Generating Encrypted smbpasswd file
cartegw at Eng.Auburn.EDU
Wed May 12 01:19:14 GMT 1999
Peter Galbavy wrote:
> I have always, in my ignorance of the protocols, wondered this;
> on a setup where the passwords are only checked against
> the smbpasswd file and not "transmitted" to any other
> servers etc, is it not possible to support a backdoor use of
> the UNIX crypt format ? Even if it is down to using the
> crypt()'ed string as the password for samba and then just
> doing final, local comparisons.
If I understand you correctly, the problem would be that the
password hash is used to generate the challenge / response
keys. In order for Samba to take part in this, it must have
the hash of the user's password. If it does not have the
actual hash, it must be able to generate it.
This leads me to the point that Samba must have the password
stored on disk since it is never transmitted across the wire.
If the password is stored on disk it would have to be
a decryptable hash. This would be a bad idea.
Does this answer your question (or did I even understand
the original post)?
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
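
The reply above argues that the server can only take part in challenge/response if it holds the same hash the client derives from the password. The sketch below is an added example, not part of the original post and not Samba code; it assumes SHA-256 and HMAC-SHA256 as stand-ins for the SMB password hash and response function, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: SHA-256 and HMAC-SHA256 are stand-ins for the SMB password
# hash and response function. Only the data flow is modelled here.

def client_hash(password: str) -> bytes:
    """Unsalted hash the client derives from the typed password."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def crypt_style_hash(password: str, salt: bytes) -> bytes:
    """Salted one-way hash, standing in for a UNIX crypt() entry."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 1000)

def response(key: bytes, challenge: bytes) -> bytes:
    """Key the challenge with the password hash; the hash is never sent."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def run_exchange(typed_password: str, stored_key: bytes) -> bool:
    """One login attempt: True if the server accepts the client's response."""
    challenge = os.urandom(8)                                 # server -> client
    reply = response(client_hash(typed_password), challenge)  # client -> server
    expected = response(stored_key, challenge)                # server, from disk
    return hmac.compare_digest(expected, reply)

def demo() -> dict:
    password = "constructed-sample-password"  # constructed sample value
    salt = b"ab"                              # constructed sample salt
    return {
        "client_hash_on_disk": run_exchange(password, client_hash(password)),
        "crypt_hash_on_disk": run_exchange(password, crypt_style_hash(password, salt)),
        "wrong_password": run_exchange("not-the-password", client_hash(password)),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

With only the crypt-style entry on disk the server cannot recompute the response a correct client sends, so a valid login is rejected.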