NT Password Change Behavior
gerth at stanford.edu
Tue Mar 19 10:53:04 GMT 2002
Jeremy Allison wrote:
> On Tue, Mar 19, 2002 at 11:17:23AM -0600, Matt Pavlovich wrote:
> > Quick question-
> > When a user updates their password from a local workstation on a Domain,
> > is the password hash generated on the client's computer, then passed to
> > the PDC for storage, or is the clear password sent, and the PDC creates
> > the hash?
> Depends (doesn't it always with SMB :-). There are 3 different methods
> of changing a password. Probably more if you go into undocumented IDL
> territory :-).
> 1 uses plaintext only, one uses LM hash only but the one you probably
> want is the 3rd method that sends plaintext of new encrypted by hash
> of old.
Interesting - from what I'd seen in the Samba docs I thought that
LM hash was all the server ever could see (without the PlainTextPassword
tweak to the registry)?
How does one specify or control which of the three methods is used?
Also can Samba 2.2.3a handle NTLMv2 hashes?
John Gerth gerth at stanford.edu (650) 725-3273 fax 723-0033