Disabling LM authentication

David Collier-Brown David.Collier-Brown at Canada.Sun.COM
Tue Nov 28 14:53:42 GMT 2000


"Mayers, Philip J" wrote:
> Win2K does it as a client setting "Don't send LM hash", "Don't sent NTLMv1
> hash"  

Cool: Luke looked at the problem, and said
in rpc_server/srv_netlog.c:
/* lkclXXXX this is not a good place to put disabling of LM hashes in.
   if that is to be done, first move this entire function into a
   library routine that calls the two smb_password_check() functions.
   if disabling LM hashes (which nt can do for security reasons) then
   an attempt should be made to disable them everywhere (which nt does
   not do, for various security-hole reasons).
*/
if (id2->hdr_lm_chal_resp.str_str_len == 24 &&
                smb_password_check((char *)id2->lm_chal_resp.buffer,
                           smb_pass->smb_passwd,

--dave
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com




More information about the samba-technical mailing list