Disabling LM authentication
David Collier-Brown
David.Collier-Brown at Canada.Sun.COM
Tue Nov 28 14:53:42 GMT 2000
"Mayers, Philip J" wrote:
> Win2K does it as a client setting "Don't send LM hash", "Don't sent NTLMv1
> hash"
Cool: Luke looked at the problem, and said
in rpc_server/srv_netlog.c:
/* lkclXXXX this is not a good place to put disabling of LM hashes in.
if that is to be done, first move this entire function into a
library routine that calls the two smb_password_check() functions.
if disabling LM hashes (which nt can do for security reasons) then
an attempt should be made to disable them everywhere (which nt does
not do, for various security-hole reasons).
*/
if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
smb_password_check((char *)id2->lm_chal_resp.buffer,
smb_pass->smb_passwd,
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list