svn commit: lorikeet r102 - in trunk/samba4-ad-thesis: .

Andrew Bartlett abartlet at
Tue Oct 26 22:13:39 GMT 2004

On Wed, 2004-10-27 at 06:41, Gémes Géza wrote:

> IMHO it is a very good status report, and explication of concepts, and 
> actual problems. But I have a big question:
> You have mentioned in 12.1.2, that hdb-ldb contains plaintext passwords.
> This sounds strange to me, because in my knowledge it could contain, at 
> a very first stage the NT hash of the password, also used in NTLMSSP 
> connections. If it realy contains the plaintext, is the NT and the LM 
> hash dinamicaly generated by Samba4 upon receiving an NTLMSSP connection?

Yes, that's how it works.  We do actually store the NT and LM hash, if
that's all that the client gives us, but when we can, we store the
plaintext.  This will no doubt change before release, and we will
instead store Kerberos keys, unless the 'store password with reversible
encryption' flags is set.

I'll clarify that.


Andrew Bartlett

Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list