NT Password Change Behavior
gerth at stanford.edu
Tue Mar 19 10:53:04 GMT 2002
Jeremy Allison wrote:
> On Tue, Mar 19, 2002 at 11:17:23AM -0600, Matt Pavlovich wrote:
> > Quick question-
> > When a user updates their password from a local workstation on a Domain,
> > is the password hash generated on the client's computer, then passwd to
> > the PDC for storage, or is the clear password sent, and the PDC creates
> > the hash?
> Depends (doesn't it always with SMB :-). There are 3 different methods
> of changing a password. Probably more if you go into undocumented IDL
> territory :-).
> 1 uses plaintest only, one uses LM hash only but the one you probably
> want is the 3rd method that sends plaintext of new encrypted by hash
> of old.
Interesting - from what I'd seen in the Samba docs I thought that
LM hash was all the server ever could see (without the PlainTextPassword
tweak to the registry)?
How does one specify or control which of the three methods is used?
Also can Samba 2.2.3a handle NTLMv2 hashes?
John Gerth gerth at stanford.edu (650) 725-3273 fax 723-0033
More information about the samba-technical