wbinfo -a uses plaintext authentication ...

Tim Potter tpot at samba.org
Sat Jan 12 18:25:05 GMT 2002


On Sat, Jan 12, 2002 at 09:52:03AM +1100, Andrew Bartlett wrote:

> > This seems, ummm, bad. Perhaps there should be another flag for plaintext?
> 
> Its not bad - its perfectly fine.
> 
> Firstly - wbinfo -a is just a testing tool, and the password is already
> on the (other user visible) command line by this stage.

I might move some of this stuff into 'net winbind'.

> Secondly:  The plaintext/crap authentication methods both send a
> challange-response pair to the DC, the difference is where it is
> encrypted.  

In other words the password is only sent plain text over the unix
domain socket that connects the winbind client to the winbind daemon.


Tim.




More information about the samba-technical mailing list