NT Password Change Behavior

Jeremy Allison jra at samba.org
Tue Mar 19 09:34:02 GMT 2002

On Tue, Mar 19, 2002 at 11:17:23AM -0600, Matt Pavlovich wrote:
> Quick question-
> When a user updates their password from a local workstation on a Domain,
> is the password hash generated on the client's computer, then passwd to
> the PDC for storage, or is the clear password sent, and the PDC creates
> the hash?

Depends (doesn't it always with SMB :-). There are 3 different methods
of changing a password. Probably more if you go into undocumented IDL
territory :-).

1 uses plaintest only, one uses LM hash only but the one you probably
want is the 3rd method that sends plaintext of new encrypted by hash
of old.


More information about the samba-technical mailing list