Default encrypted passwords = yes?

Jay Ts jay at
Thu Sep 27 10:57:37 GMT 2001

> Jay Ts <jay at> writes:
> [...]
> > 2. Even if the above were not true, from a security perspective a
> >    Samba server with non-encrypted passwords is only good for an
> >    "evaluation" Samba installation.
> [...]
> This isn't really true...We used Samba extensively at a previous job
> for letting Web designers working in Windows easily update Web pages
> stored on our UNIX Web server.  We used their regular UNIX passwords
> (it was hard enough getting them to change their passwords once in
> a while, let alone getting them to change two...) and plaintext
> authentication.  The network was trusted and the users were trusted,
> and we never had any problems with it.

Note that I wrote, "from a security perspective".  Just to clarify,
what I meant by that is that in environments where security is more
of a concern (i.e., where users are, perhaps for good reason, not
trusted) non-encrypted passwords would be an unacceptable security
hole.  (And so would using Workgroup networking rather than domain

I'm happy that you were able to use less security and have it work
out OK.  To make another thing clear: I don't want to argue with
maintaining a friendly user community and being able to trust people!
That is the best security of all.

- Jay Ts
jayts at
