Default encrypted passwords = yes?

TAKAHASHI Motonobu monyo at samba.org
Fri Sep 28 10:22:04 GMT 2001


Reading all the mail about this topic, I strongly think "encrypt
passwords" should be yes by default.

Herb Lewis wrote:
>Yes I agree that encrypted passwords are the correct thing to do in
>MOST cases

Strongly, yes.
Security is very important and is becoming more important today.

>The part I don't like is the fact that if you have encrypted by default
>and have no smbpasswd file, you cannot even connect with smbclient as
>distributed.

This is not a problem but good for security.

With "encrypt passwords = yes" set, only users who have their own entry
in the smbpasswd file (or another database) can log in to the Samba server.

Easy to set up but less secure, like MS products, is not good for most
admins, I think.

>This makes it look like we are shipping broken products.

I think it is not important.
If you have a Samba box and a Windows box, both of which are set to the
defaults, they cannot communicate with each other. So even if we can
connect to a Samba server from smbclient by default, they will feel "in
the default setting, we cannot connect to a Samba box."

Gerald (Jerry) Carter wrote:
>Your example was not your first experience working with Samba.
>I'm talking about newbies.  For experienced admins,
>having to set one additional line in smb.conf is no big deal.

Having ALL end-users click a reg file before accessing the Samba server,
or setting something up to automatically make ALL systems' registry
insecure, is much more difficult than having an administrator (even a
newbie admin) add one line to smb.conf.

Anyway, to use plain text passwords, we have to change the settings of
Windows instead of Samba.

Gerald Carter wrote:
>I would vote against it.  Will add one more step to getting a
>simple working file server up for testing purposes.

I agree with you on the technical point, but testing purposes are less
important than real-world use.

Scott Gifford wrote:
>My vote, then, would be against.  In places where I've used Samba,
>it's been a tool for integration of UNIX and Windows.  Having
>different passwords isn't very integrated.

Since "unix password sync" or pam_ntdom will help you,
this is partly true.
This is the only advantage of using plain text passwords.

Andrew Bartlett wrote:
> I notice this because I have to test it with both settings, and I'm
> always forgetting to turn it back on.  I can imagine the annoyance
> this must be to a new admin...

With plain text passwords, lots of end-users say "when I access a
server (which is actually running Samba), the server says my
workstation does not have permission to log in to the server, why?"
This makes more annoyance for admins.

monyo wrote now:-):
And if you use plain text passwords against a Windows NT which is set
to accept plain text passwords, Windows NT refuses 3 times before
accepting a plain text password, so it is not good from a performance
point of view.

>> insecure, and can not use encryption. Microsoft doesn't give
>> instructions for turning ON encryption in Samba, probably because they
>> don't want it to work. They want the user to be faced with disabling
>> Windows encryption, so that they instead decide not to use Samba.
>
>This is actually a very good point. 

I strongly agree!

>The question still remains how to generate the initial
>smbpasswd entries.

SUGJ (Samba Users Group Japan) members have been saying "encrypt
passwords should always be set to yes" for the last 2 years.

Now in most major Linux distributions available in Japan, except Red
Hat Linux, "encrypt passwords = yes" is the default as far as I know.

(Red Hat Linux uses the smb.conf included as
packaging/RedHat/smb.conf.default even in the Japanese version, but this
smb.conf is actually not suitable for the Japanese environment.)

And most (or all?) documents available in Japan recently say to first
set "encrypt passwords = yes" and create a Samba account with smbpasswd
before using Samba, and do not mention plain text passwords.

It takes time to announce this and to make users notice it, but I
think we have to change the default setting some day, and changing the
default with the Samba 3.0 release is good timing.

-----
TAKAHASHI, Motonobu(monyo)         monyo at samba.org
Personal - http://home.monyo.com/
Samba Team - http://samba.org/     Samba-JP - http://www.samba.gr.jp/  
JWNTUG - http://www.jwntug.or.jp/  Analog-JP - http://www.jp.analog.cx/
MCSE+I, SCNA, CCNA, Turbo-CI
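The setting the thread argues over, shown as an added example that is not part of the post above or of the Samba project: two constructed smb.conf fragments, the plain-text one (what Samba 2.2 shipped by default and what the post calls insecure) beside the "encrypt passwords = yes" one the post asks for, plus a small audit function that reads the [global] section of an smb.conf and reports which way the server is configured. The smbpasswd file path, the user names and the "demo" function are assumptions for this example; `smbpasswd -a` is the real Samba command for creating the per-user entry the post mentions, but it is only printed here, not executed, so the script runs on a machine without Samba.

```shell
#!/bin/sh
# Added example, not code from the original post or from Samba.
set -e

# Constructed smb.conf fragment: plain-text authentication, the Samba 2.2
# default the post argues against. Passwords cross the wire in clear text.
write_plaintext_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = WORKGROUP
   encrypt passwords = no
[homes]
   browseable = no
   writable = yes
EOF
}

# Constructed smb.conf fragment: encrypted (LM/NT challenge-response)
# authentication. Only users with an smbpasswd entry can log in.
# The smbpasswd path is an assumption for this example.
write_encrypted_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = WORKGROUP
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = yes
[homes]
   browseable = no
   writable = yes
EOF
}

# Print the value of "encrypt passwords" from the [global] section of the
# smb.conf given as $1, or "unset" if it is absent. Tolerates the loose
# smb.conf syntax: leading whitespace, spaces around '=', mixed case, and
# ';' or '#' comment lines. The last definition wins, as in Samba.
get_encrypt_passwords() {
    awk '
        /^[[:space:]]*[;#]/ { next }
        /^[[:space:]]*\[/ {
            s = tolower($0); gsub(/[[:space:]]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && tolower($0) ~ /^[[:space:]]*encrypt[[:space:]]+passwords[[:space:]]*=/ {
            v = $0; sub(/^[^=]*=[[:space:]]*/, "", v); sub(/[[:space:]]+$/, "", v)
            val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Exit 0 if the server requires encrypted passwords, 1 otherwise.
# "unset" counts as not enforced: that matches the Samba 2.2 default the
# post is discussing (Samba 3.0 later flipped the default to yes).
check_encrypt_passwords() {
    case "$(get_encrypt_passwords "$1")" in
        yes|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# The per-user step the post describes: after switching to encrypted
# passwords, each user needs an smbpasswd entry. Printed, not executed.
print_account_setup() {
    for u in "$@"; do
        echo "smbpasswd -a $u"
    done
}

# Stand-alone demo: audit both constructed configs (assumed helper).
demo() {
    tmp=$(mktemp)
    for writer in write_plaintext_conf write_encrypted_conf; do
        "$writer" "$tmp"
        if check_encrypt_passwords "$tmp"; then
            echo "$writer: encrypt passwords = $(get_encrypt_passwords "$tmp") (OK: hashes on the wire, not clear text)"
        else
            echo "$writer: encrypt passwords = $(get_encrypt_passwords "$tmp") (clear-text passwords on the wire; set it to yes)"
        fi
    done
    rm -f "$tmp"
    print_account_setup alice bob
}
demo
```

The audit function is the part worth keeping: run `get_encrypt_passwords /etc/samba/smb.conf` on a Samba 2.x box to see whether the default was ever changed, remembering that on that version an unset value means plain text.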