svn commit: lorikeet r102 - in trunk/samba4-ad-thesis: .
abartlet at samba.org
Tue Oct 26 22:13:39 GMT 2004
On Wed, 2004-10-27 at 06:41, Gémes Géza wrote:
> IMHO it is a very good status report, and explication of concepts, and
> actual problems. But I have a big question:
> You have mentioned in 12.1.2, that hdb-ldb contains plaintext passwords.
> This sounds strange to me, because in my knowledge it could contain, at
> a very first stage the NT hash of the password, also used in NTLMSSP
> connections. If it realy contains the plaintext, is the NT and the LM
> hash dinamicaly generated by Samba4 upon receiving an NTLMSSP connection?
Yes, that's how it works. We do actually store the NT and LM hash, if
that's all that the client gives us, but when we can, we store the
plaintext. This will no doubt change before release, and we will
instead store Kerberos keys, unless the 'store password with reversible
encryption' flags is set.
I'll clarify that.
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20041027/1c445cbb/attachment.bin
More information about the samba-technical