plaintext to smbpasswd

Gerald Carter gcarter at
Sat Aug 4 12:41:46 GMT 2001

On Sat, 4 Aug 2001, Andrew Bartlett wrote:

> For the record here, this parameter checks plain text passwords against
> smbpasswd, not PAM/shadow.  The only reason not to do this is if PAM is
> expected to do something interesting with these passwords, but that
> requires 'obey pam restrictions = yes' in any case.

The same as using right?

> Furthermore, I'm not sure how it handles clients that sent UPPER case
> passwords - win9X :-(.  My guess is that it would generate an invalid
> NTLM hash, we would compare that and fail the authentication.  When I
> get a chance, I'll look into changing the code to be case insensitive
> for the older protocols.  (That is, I will only generate the LM hash,
> making us case insensitive).

Might need to do both.  See the 'lanman auth' parameter entry in

> Changing the default would certainly be the 'path of least suprise'
> for new administrators, but changes existing behavior.  Probably worth
> it once the bugs are fixed.

Why would the plaintest to smbpasswd everev be used if encrypt passwords =
yes?  Unless we have a broken client somewhere that ignores the encryption
bit in the negprot reply.

cheers, jerry

More information about the samba-technical mailing list