abartlet at samba.org
Tue Mar 9 22:19:13 GMT 2004
On Wed, 2004-03-10 at 04:24, Kenichi Okuyama wrote:
> Dear Alex,
> >>>>> "Alex" == Alexander Bokovoy <a.bokovoy at sam-solutions.net> writes:
> Alex> Basically, if you have system with inconsistent charset usage between
> Alex> filenames and user/group names, you'd already screwed. :) On other hand,
> Alex> I see no problem in having user/group names in non-ASCII but in the same encoding
> Alex> used to encode all other components (file names, etc).
> If you are building system from scratch, you are right.
> Problem occurs when you have Legacy system, and have to port those
> user to new system.
> # Yes 'Legacy' is where trouble begin. Always...
> Assume you were using unix on EBCDIC machine (don't ask me why).
> Your username and password was managed in EBCDIC. You have 10k users
> on your machine, and you know that password entry encoding uses the
> EBCDIC character code for generating hash.
> One day comes, when you have to move your men to Linux. You find
> filesystem can be moved easily to UTF-8, but password .... You have
> to decide ether to add 'EBCDIC password' module, or ask 10k men to
> restart their password, or crack 10k passwords and convert them to
> ASCII password.
> # Why not simply convert EBCDIC password to hash value then
> # re-calculate ASCII string for it? Well, that's because "Hash
> #value" is being effected by EBCDIC char code. Same password in
> # ASCII and EBCDIC usually ends in different "Hash value".
> Do you blame yourself if you select 'EBCDIC password' module
Just to clarify this in the Samba situation. Usernames must indeed be
in the 'unix charset', and this is just another part of the conversion.
Passwords are stored as UCS2 strings, so they will not need to be
re-entered. MS already got bitten by this once, with the LM password
hash, and did not repeat it for NT.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040310/a6a21ccd/attachment-0001.bin
More information about the samba-technical