why is the machine trust account password....

Andrew Bartlett abartlet at samba.org
Sat Dec 28 23:51:00 GMT 2002

On Fri, 2002-12-13 at 10:42, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> On Fri, 13 Dec 2002, Tim Potter wrote:
> > > ....stored in clear text in secrets.tdb (HEAD) when i join an NT 4.0 
> > > domain?  It doesn't store the the last change time either.
> > > Unless someone yells, i'm going to fix this.
> > 
> > Er, it's always been in clear text.  Or are you referring to the last
> > change time?  That's probably a bug.
> I mean we store the password (not the hash).  We previously stored
> the hash right?

We need the cleartext becouse some of the kerberos things don't use the
NT#, they use other hashing stuff (particularly for systems without the
latest - unreleased - MIT krb5).  Regarding the last change time - yes,
we need to clean up this mess - I was looking to store all domains (even
the local one) in some kind of common record format, that would try to
keep trusted domains using as much common code as possible. 

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20021228/ea4b64c1/attachment.bin

More information about the samba-technical mailing list