plaintext to smbpasswd
Gerald Carter
gcarter at valinux.com
Sat Aug 4 12:41:46 GMT 2001
On Sat, 4 Aug 2001, Andrew Bartlett wrote:
> For the record here, this parameter checks plain text passwords against
> smbpasswd, not PAM/shadow. The only reason not to do this is if PAM is
> expected to do something interesting with these passwords, but that
> requires 'obey pam restrictions = yes' in any case.
The same as using pam_smbpass.so right?
> Furthermore, I'm not sure how it handles clients that sent UPPER case
> passwords - win9X :-(. My guess is that it would generate an invalid
> NTLM hash, we would compare that and fail the authentication. When I
> get a chance, I'll look into changing the code to be case insensitive
> for the older protocols. (That is, I will only generate the LM hash,
> making us case insensitive).
Might need to do both. See the 'lanman auth' parameter entry in
smb.conf(5)
> Changing the default would certainly be the 'path of least suprise'
> for new administrators, but changes existing behavior. Probably worth
> it once the bugs are fixed.
Why would the plaintest to smbpasswd everev be used if encrypt passwords =
yes? Unless we have a broken client somewhere that ignores the encryption
bit in the negprot reply.
cheers, jerry
More information about the samba-technical
mailing list