wbinfo -a uses plaintext authentication ...
Richard Sharpe
rsharpe at ns.aus.com
Sat Jan 12 22:14:02 GMT 2002
Tim Potter wrote:
>On Sat, Jan 12, 2002 at 09:52:03AM +1100, Andrew Bartlett wrote:
>
>>>This seems, ummm, bad. Perhaps there should be another flag for plaintext?
>>>
>>It's not bad - it's perfectly fine.
>>
>>Firstly - wbinfo -a is just a testing tool, and the password is already
>>on the (other user visible) command line by this stage.
>>
One bad practice does not excuse another. In this case I am thinking of
its use on an appliance, where this is not a real issue. In any case,
there are ways to erase this info from the command line when the program
starts.
>
>I might move some of this stuff into 'net winbind'.
>
>>Secondly: The plaintext/crap authentication methods both send a
>>challenge-response pair to the DC, the difference is where it is
>>encrypted.
>>
>
>In other words the password is only sent plain text over the unix
>domain socket that connects the winbind client to the winbind daemon.
>
OK, I wasn't thinking. This is fine.
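
Added example, not part of the original message and not Samba code: one way a tool can erase a password from its command line at startup, as mentioned in the reply above. It assumes the credentials arrive as a single `user%password` argument; `split_and_scrub` is a hypothetical helper name.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Samba code): split "user%password" taken from
 * argv, copy both parts into caller buffers, then overwrite the password
 * bytes in the original argv string so that ps and /proc/<pid>/cmdline no
 * longer show it. Returns 0 on success, -1 if there is no '%' separator or
 * a buffer is too small (in which case arg is left untouched). */
int split_and_scrub(char *arg, char *user, size_t ulen,
                    char *pass, size_t plen)
{
    char *sep = strchr(arg, '%');
    if (sep == NULL)
        return -1;

    size_t user_len = (size_t)(sep - arg);
    size_t pass_len = strlen(sep + 1);
    if (user_len >= ulen || pass_len >= plen)
        return -1;

    memcpy(user, arg, user_len);
    user[user_len] = '\0';
    memcpy(pass, sep + 1, pass_len + 1);   /* includes the terminating NUL */

    /* Overwrite in place: same length, so the argv layout is unchanged. */
    memset(sep + 1, 'X', pass_len);
    return 0;
}

int main(int argc, char **argv)
{
    char user[256], pass[256];

    if (argc != 2 || split_and_scrub(argv[1], user, sizeof user,
                                     pass, sizeof pass) != 0) {
        fprintf(stderr, "usage: %s user%%password\n", argv[0]);
        return 1;
    }
    /* From here on argv[1] reads "user%XXXX..."; the copy in pass[] is
     * what the program would hand to its authentication routine. */
    printf("argv[1] is now: %s\n", argv[1]);
    return 0;
}
```

The overwrite only takes effect once the process is running, so the password is still visible in the process list for a short window after exec and remains in shell history.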