Default encrypted passwords = yes?

David Collier-Brown davecb at
Thu Sep 27 07:25:07 GMT 2001

James Nord wrote:

> I have just finished giving a lecture about security in system
> administratrion.  One of the things I said to the students was the following
>     "If it uses unencrypted passwords over the network get rid of it and
> replace it with an encrytped equivellent"

	Could you make that "a secure equivalent".
	If you passed an MS encrypted apssword over
	the net, you'd be in as bad shape as an
	unencrypted one!

	Microsoft, not being idiots, don't do that. They
	use challenge-response, and the fact that the
	passwords are encrypted is just a historical	

> Any option that makes any program less secure should always be disabled.

	Agreed: I wish kerberos was more widespread, and
	I'm pleased that ldap is spreading, as it does have
	a nice place to hang a better password scheme...
	assumig it gets used (;-))

David Collier-Brown,           | Always do right. This will gratify 
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services.    |                      -- Mark Twain
(905) 415-2849                 | davecb at

More information about the samba-technical mailing list