Default encrypted passwords = yes?
David Collier-Brown
davecb at canada.sun.com
Thu Sep 27 11:24:03 GMT 2001
Jay Ts wrote:
> Actually, they are idiots. :-)
Well, I'll agree with that, but I'm thinking
of Bill, not the techies (;-))
> My understanding is that although
> they don't send the password over the net, they do send a hash
> of the password, which can be grabbed by a sniffer and then used
> for cracking the security.
It's not quite that bad: the hash is indeed
plain-text equivalent, but the hash doesn't
cross the network in the current scheme, it's
just used as a shared key. An older version,
which I don't think we ever supported,
suposedly passed the password hash across the net...
--dave
--
David Collier-Brown, | Always do right. This will gratify
Americas Customer Engineering, | some people and astonish the rest.
SunPS Integration Services. | -- Mark Twain
(905) 415-2849 | davecb at canada.sun.com
More information about the samba-technical
mailing list