Default encrypted passwords = yes?
David Collier-Brown
davecb at canada.sun.com
Thu Sep 27 07:25:07 GMT 2001
James Nord wrote:
> I have just finished giving a lecture about security in system
> administration. One of the things I said to the students was the following
> "If it uses unencrypted passwords over the network get rid of it and
> replace it with an encrypted equivalent"
Could you make that "a secure equivalent"?
If you passed an MS encrypted password over
the net, you'd be in as bad shape as an
unencrypted one!
Microsoft, not being idiots, don't do that. They
use challenge-response, and the fact that the
passwords are encrypted is just a historical
accident.
> Any option that makes any program less secure should always be disabled.
Agreed: I wish Kerberos was more widespread, and
I'm pleased that LDAP is spreading, as it does have
a nice place to hang a better password scheme...
assuming it gets used (;-))
--dave
--
David Collier-Brown, | Always do right. This will gratify
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services. | -- Mark Twain
(905) 415-2849 | davecb at canada.sun.com
More information about the samba-technical
mailing list
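
Added illustration of the point in the message above (not code from the post or from Samba): a stored password hash sent as-is over the wire can be replayed exactly like a cleartext password, while a challenge-response built on the same stored hash rejects a recorded answer. SHA-256 and HMAC-SHA256 are stand-ins chosen for the example, not the Microsoft algorithms, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def stored_hash(password: str) -> bytes:
    # Stand-in for the server-side "encrypted password" (assumption: SHA-256).
    return hashlib.sha256(password.encode()).digest()

class StaticHashServer:
    """Weak scheme: the client sends the stored hash itself."""
    def __init__(self, password: str):
        self._hash = stored_hash(password)

    def login(self, wire_value: bytes) -> bool:
        return hmac.compare_digest(wire_value, self._hash)

class ChallengeResponseServer:
    """The hash never crosses the wire; each login needs a fresh challenge."""
    def __init__(self, password: str):
        self._hash = stored_hash(password)
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def login(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = hmac.new(self._hash, self._pending, hashlib.sha256).digest()
        self._pending = None  # a challenge is valid for one attempt only
        return hmac.compare_digest(response, expected)

def client_response(password: str, challenge: bytes) -> bytes:
    return hmac.new(stored_hash(password), challenge, hashlib.sha256).digest()

def replay_outcomes(password: str = "constructed-sample-pw"):
    """Return (weak_first, weak_replay, cr_first, cr_replay) login results."""
    weak = StaticHashServer(password)
    recorded = stored_hash(password)       # what a wire observer would record
    weak_first, weak_replay = weak.login(recorded), weak.login(recorded)

    strong = ChallengeResponseServer(password)
    response = client_response(password, strong.challenge())
    cr_first = strong.login(response)
    strong.challenge()                     # server issues a new challenge
    cr_replay = strong.login(response)     # old response no longer matches
    return weak_first, weak_replay, cr_first, cr_replay

if __name__ == "__main__":
    print(replay_outcomes())
```

In both schemes the stored hash is still a secret the server must protect; challenge-response only removes it from the network.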