SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Feb 10 07:53:07 GMT 2000
> You just stuck the data in a world-readable file. OK, you want to
> obfuscate it with some sort of encryption (bang go performance and/or
> scalability; security died a few minutes ago) - but you still want the
prove it. if you have no proof, don't make comments like this, you'll
only irritate me (at 3:30am that's not a good idea).
> data publicly available.
> > [actually, if you add a BDC to a domain using NT4, you can use rpcclient's
> > samsync command to pretend to be that BDC because the trust account
> > password is BDCNAMEUNICODELOWERCASE, and grab the entire SAM database
> > anonymously. the window of opportunity is between when the BDC is added
> > to the domain during the BDC-install stage and when the BDC installation
> > is completed and you are presented, for the first time, with the
> > ctrl-alt-delete box on the BDC.
> > so yes, microsoft allows anonymous users to download the passwords, but
> > not in the way you perceive or describe.
> > the word from microsoft is that microsoft does not consider this to be a
> > serious security risk, by the way. oh, and they've probably fixed it
> > for nt5.]
> This is an accidental security hole which they have now fixed - and you
> want to copy and expand it!?
[too much detail to explain, i have better things to do].
examine rpcclient's createuser command, dammit. see the -j option. note
the "generate_random_buffer" bit.
then, examine smbpasswd's -j option, and note the _lack_ of
generate_random_buffer bit in the initial trust setup.
_then_ search the samba-ntdom archives for recommendations on whether i
recommend the use of rpcclient or smbpasswd to join workstations to
until you have done so, please shut up.
you have some useful comments to make, i notice and appreciate, but
please, stop the unproven statements or i'll be hitting "save" (i don't
delete) instead of reading.