Encrypted and plain passwords with one server

David Collier-Brown David.Collier-Brown at canada.sun.com
Wed Sep 13 14:33:36 GMT 2000

"J.Heinen" wrote:
> Hi,
> I have made a change to the "passwd_ok" routine in
> source/smbd/password.c.
> This allows us to use both encrypted and plain passwords with one
> server.
> It worked fine for several months. Does anyone know whether this patch
> results in a security hole? 

	As I read it, this changes encrypted passwords = yes to 
	mean "encrypted passwords are preferred, and will be 
	looked up in the smbpasswd file first. Matching either 
	is sufficient".

	This allows a mismatch between the /etc/passwd and
	smbpasswd files, allowing one to log in using whatever
	is in the /etc/passwd file even if the intention was
	to switch completely to the smbpasswd file.  This in
	turn is a small security hole.

	Half the hole could be closed by updating smbpasswd 
	from the unix plain-text password each time it was used. 
	The other half remains open.

	I think I'd make this a feature of update encrypted,
	rather than of encrypted passwords.  Then the one-way
	relationship would be more apparent, and one half of the
	hole would be closed.

	To block the other half, in a case where you're trying to 
	have a multi-step switch over to MS's *#$#$!@! scheme,
	I'd propose an option like "invalidate if encrypted" to 
	set the unix password field to (literally!) 	
	"INVALIDATED_BY_SMB" or the like. 

	If you want to run both in parallel (which I assume you do),
	then make it an smb.conf selection in its own right, such as
	encrypted passwords = [yes, no, both].

David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com

More information about the samba-technical mailing list