Generating Encrypted smbpasswd file

Gerald Carter cartegw at Eng.Auburn.EDU
Wed May 12 01:19:14 GMT 1999


Peter Galbavy wrote:
> 
> I have always, in my ignorance of the protocols, wondered this; 
> on a setup where the passwords are only checked against 
> the smbpasswd file and not "transmitted" to any other 
> servers etc, is it not possible to support a backdoor use of 
> the UNIX crypt format ? Even if it is down to using the 
> crypt()'ed string as the password for samba and then just
> doing final, local comparisons.

If I understand you correctly, the problem would be that the
password hash is used to generate the challenge / response 
keys.  In order for Samba to take part in this, it must have 
the hash of the user's password.  If it does not have the 
actual hash, it must be able to generate it.

This leads me to the point that Samba must have the password 
stored on disk since it is never transmitted across the wire.
If the password is stored on disk it would have to be a
decryptable hash.  This would be a bad idea.

Does this answer your question (or did I even understand 
the original post)?




Cheers,
jerry
________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )
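
An added illustration of the point made in the reply above (not code from the original post or from Samba): in a challenge/response login the server must hold the same key the client derives from the password, so a salted one-way crypt()-style string cannot be used to check the response. As assumptions, SHA-256 and HMAC stand in for the real LM/NT hash and DES-based response, PBKDF2 stands in for crypt(), and all function names are hypothetical.

```python
import hashlib
import hmac
import os


def smb_style_hash(password: str) -> bytes:
    # Stand-in for the hash kept in smbpasswd: unsalted and deterministic,
    # so client and server derive the same key independently.
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def unix_style_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for crypt(): salted and one-way. The client never sees the salt,
    # and the server cannot turn this value back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def response(key: bytes, challenge: bytes) -> bytes:
    # Response = keyed function of the server's challenge; the password
    # (and its hash) never cross the wire.
    return hmac.new(key, challenge, hashlib.sha256).digest()


def client_answer(password: str, challenge: bytes) -> bytes:
    return response(smb_style_hash(password), challenge)


def server_verify(stored_key: bytes, challenge: bytes, answer: bytes) -> bool:
    # The server recomputes the response from what it has on disk.
    return hmac.compare_digest(response(stored_key, challenge), answer)


def demo():
    password = "correct horse"          # constructed sample value
    challenge = os.urandom(8)           # fresh per login attempt
    answer = client_answer(password, challenge)

    # Server holding the smbpasswd-style hash: verification succeeds.
    ok_with_smb_hash = server_verify(smb_style_hash(password), challenge, answer)
    # Server holding only a crypt()-style string for the same password: it has
    # no way to reproduce the client's key, so the correct answer is rejected.
    ok_with_crypt = server_verify(
        unix_style_hash(password, os.urandom(8)), challenge, answer)
    # A wrong password is rejected in either case.
    ok_wrong_pw = server_verify(
        smb_style_hash(password), challenge, client_answer("guess", challenge))
    return ok_with_smb_hash, ok_with_crypt, ok_wrong_pw


if __name__ == "__main__":
    print(demo())
```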