Encrypted and plain passwords with one server
David Collier-Brown
David.Collier-Brown at canada.sun.com
Wed Sep 13 14:33:36 GMT 2000
"J.Heinen" wrote:
>
> Hi,
>
> I have made a change to the "passwd_ok" routine in
> source/smbd/password.c.
> This allows us to use both encrypted and plain passwords with one
> server.
> It worked fine for several months. Does anyone know whether this patch
> results in a security hole?
As I read it, this changes encrypted passwords = yes to
mean "encrypted passwords are preferred, and will be
looked up in the smbpasswd file first. Matching either
is sufficient".
This allows a mismatch between the /etc/passwd and
smbpasswd files, allowing one to log in using whatever
is in the /etc/passwd file even if the intention was
to switch completely to the smbpasswd file. This in
turn is a small security hole.
Half the hole could be closed by updating smbpasswd
from the unix plain-text password each time it was used.
The other half remains open.
I think I'd make this a feature of update encrypted,
rather than of encrypted passwords. Then the one-way
relationship would be more apparent, and one half of the
hole would be closed.
To block the other half, in a case where you're trying to
have a multi-step switch over to MS's *#$#$!@! scheme,
I'd propose an option like "invalidate if encrypted" to
set the unix password field to (literally!)
"INVALIDATED_BY_SMB" or the like.
If you want to run both in parallel (which I assume you do),
then make it an smb.conf selection in its own right, such as
encrypted passwords = [yes, no, both].
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list