Default encrypted passwords = yes?

Jay Ts jay at toltec.metran.cx
Thu Sep 27 11:12:28 GMT 2001


> 
> Andrew Bartlett <abartlet at pcug.org.au> writes:
> 
> > Scott Gifford wrote:
> > > 
> > > Andrew Bartlett <abartlet at pcug.org.au> writes:
> > > 
> > > > Is there any reason not to make encrypted passwords the default in HEAD?
> > > 
> > > Wouldn't that break compatibility with the standard /etc/passwd file?
> > 
> > Indeed it would. 
> 
> My vote, then, would be against.  In places where I've used Samba,
> it's been a tool for integration of UNIX and Windows.  Having
> different passwords isn't very integrated.

Well, the idea is usually to have the same passwords in both the Unix
password file (/etc/shadow, usually nowadays) and the smbpasswd file.
The complication is that someone has to run the smbpasswd command and
enter all the users' Unix passwords ... which brings up a few issues.

It is more complicated, but what else is anyone going to do?  If
you want to implement plaintext passwords, you would then have to
go around to each "modern" (= Win98/NTSP4 or later) Windows computer
and edit the registry, correct?  I think it's simpler to run smbpasswd!

> Leaving things as they are is also the Path of Least Surprise.  When
> possible, upgrading software packages shouldn't break existing
> installations.

A very good point.

> An interesting approach might be to default to "encrypt passwords =
> yes" if there is an smbpasswd file, although I don't think that helps
> with your testing at all.

I wouldn't know about this, and the Samba Team have probably thought
about it already, but it would be cool if the Samba server were somehow
able to discern (using findsmb/nmblookup, perhaps) what's out there
on the network, and act accordingly.  But then this would be great in
*theory*, and in *practice* turn into a can of worms!

The simpler solution of course is to just leave things the way they
are until there is some unavoidable need for change.

- Jay Ts
jayts at iname.com




More information about the samba-technical mailing list