Encrypted and plain passwords with one server

Andrew Tridgell tridge at linuxcare.com
Thu Sep 14 03:58:37 GMT 2000


Josef,

> I have made a change to the "passwd_ok" routine in
> source/smbd/password.c.
> This allows us to use both encrypted and plain passwords with one
> server.
> It worked fine for several months.

It may have "worked fine" but I don't think it does quite what you
intended.

When an encryption-capable client sees the "encrypted" bit in the
negprot response it will _always_ encrypt the password sent to the
server. Thus falling back to treating what the client sends as
non-encrypted just doesn't work.

Samba does support mixtures of clients that do and don't support
encryption by looking at the length of the password field. If it is 24
bytes then it is assumed to be encrypted, otherwise the non-encrypted
password code is used.

What client are you using that will send non-encrypted passwords to an
encrypted server?

Cheers, Tridge
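
The length rule described in the message above, written out as an added example (not part of the original post and not Samba's own code). The macro, enum, struct and function names are hypothetical, the session records are constructed, and the only protocol facts assumed are the 24-byte length from the message and the 0x02 "encrypt passwords" bit of the negprot SecurityMode field.

```c
#include <stddef.h>
#include <stdio.h>

/* "Encrypt passwords" bit (0x02) of SecurityMode in the negprot response.
 * The macro name is local to this example. */
#define SECMODE_ENCRYPT_PASSWORDS 0x02
#define ENCRYPTED_PW_LEN 24 /* field length the message says marks an encrypted password */

enum pw_path {
    PW_ENCRYPTED,        /* verify as a challenge response */
    PW_PLAIN,            /* non-encrypted password code */
    PW_PLAIN_UNEXPECTED  /* plaintext although the server advertised encryption */
};

/* Hypothetical session record: fields a server or capture already extracted. */
struct session {
    const char *client;
    unsigned char security_mode; /* from the negprot response */
    size_t pw_len;               /* password field length in session setup */
};

/* Length alone selects the code path, so a 24-byte plaintext password is
 * indistinguishable from an encrypted one under this rule. */
enum pw_path select_password_path(unsigned char security_mode, size_t pw_len)
{
    if (pw_len == ENCRYPTED_PW_LEN)
        return PW_ENCRYPTED;
    if (security_mode & SECMODE_ENCRYPT_PASSWORDS)
        return PW_PLAIN_UNEXPECTED;
    return PW_PLAIN;
}

/* Count sessions that the length rule routes to the plaintext code. */
size_t count_plaintext(const struct session *s, size_t n)
{
    size_t i, hits = 0;
    for (i = 0; i < n; i++)
        if (select_password_path(s[i].security_mode, s[i].pw_len) != PW_ENCRYPTED)
            hits++;
    return hits;
}

/* Constructed sample data, not taken from any real capture. */
static const struct session SAMPLE[] = {
    { "client-a", 0x03, 24 }, { "client-b", 0x03, 6 },
    { "client-c", 0x01, 8 },  { "client-d", 0x01, 24 },
};

int main(void)
{
    printf("plaintext sessions: %zu of 4\n", count_plaintext(SAMPLE, 4));
    return 0;
}
```

A PW_PLAIN_UNEXPECTED result is the case the closing question asks about, and is worth logging with the client name.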