sambaPasswordHistory LDAP Attribute
jrich at dev.creative-tech.com
Fri Nov 5 19:36:26 GMT 2004
That does not seem to work for me.
For a password of "password", this is what shows in sambaPasswordHistory:
I added the space between the 2 16 byte values for clarity. I got the MD4
hash of the unicode version of "password" by running this:
mkntpwd -N password
that returned: 8846F7EAEE8FB117AD06BDD830B7586C
so, if I run: mkntpwd -N
which is mkntpwd -N [1st 16 bytes in sambaPasswordHistory+value from mkntpwd
I should get the 2nd 16 byte value in sambaPasswordHistory... but I don't.
Was that supposed to say MD5 in your last post? I tried both MD4 and MD5
just to check, but neither gave me the right result.
What am I doing wrong here?
Jeremy Allison (jra at samba.org) wrote:
> On Fri, Nov 05, 2004 at 01:58:32PM -0500, Jared Rich wrote:
> > I guess I'm not understanding this right...
> > the first 16 bytes make up the salt (unhashed) and the last 16 bytes make up
> > the hash of the salt and the MD4 unicode password?
> > how is the salt applied?
> Here is the algorithm.
> Hash = MD4(unicode password).
> Salt = 16 bytes random values.
> What is stored is :
> Where the + is a concatenation of the two 16 byte
> To check if a new password matches a history.
> For each entry in the history list, calculate :
> MD5(Salt + MD4(unicode new password)) and compare
> with the second 16 bytes stored. If it matches, then
> so did the new password.