sambaPasswordHistory LDAP Attrinbute

Jeremy Allison jra at
Fri Nov 5 19:06:08 GMT 2004

On Fri, Nov 05, 2004 at 01:58:32PM -0500, Jared Rich wrote:
> i guess i'm not understanding this right...
> the first 16 bytes make up the salt (unhashed) and the last 16 bytes make up
> the hash of the salt and the MD4 unicode password?
> how is the salt applied?

Here is the algorithm.

Hash = MD4(unicode password).
Salt = 16 bytes random values.

What is stored is :


Where the + is a concatenation of the two 16 byte

To check is a new password matches a history.

For each entry in the history list, calculate :

MD5(Salt + MD4(unicode new password)) and compare
with the second 16 bytes stored. If it matches, then
so did the new password.


More information about the samba-technical mailing list