Disabling LM authentication
Andrew Bartlett
abartlet at pcug.org.au
Tue Nov 28 22:00:53 GMT 2000
This is what
http://support.microsoft.com/support/kb/articles/Q147/7/06.asp describes
for WinNT (bringing this discussion full circle...).
What I was hoping is that samba would be able to:
1. Ignore LM hash based password connections (so as to introduce
password sensitivity)
2. Not store LM hashs in /etc/smbpasswd
"Mayers, Philip J" wrote:
>
> Win2K does it as a client setting "Don't send LM hash", "Don't sent NTLMv1
> hash"
>
> Regards,
> Phil
>
> +----------------------------------+
> | Phil Mayers, Network Support |
> | Centre for Computing Services |
> | Imperial College |
> +----------------------------------+
>
> -----Original Message-----
> From: David Collier-Brown [mailto:David.Collier-Brown at canada.sun.com]
> Sent: 28 November 2000 12:39
> To: Gerald Carter
> Cc: Steve Langasek; samba-technical at samba.org
> Subject: Re: Disabling LM authentication
>
> Gerald Carter wrote:
> > I never said it was perfect. :-) It only addresses
> > the brute forcing of lanman passwords in the event that
> > somone gets you smbpasswd file.
> >
> > In the light of this I can see where DCB's patch would
> > be useful now. I'll talk to Jeremy and stick it in.
>
> However, subsequent discussion shows
> that it won't really help this case...
>
> We need a specific "no lanman hashes" mechanism
> that doesn't break clients. Anyone care to
> suggest a good way to do that?
>
> --dave
> --
> David Collier-Brown, | Always do right. This will gratify some people
> 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
> Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
> Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
--
Andrew Bartlett
abartlet at pcug.org.au
More information about the samba-technical
mailing list