What is PCNS?

Christopher R. Hertel crh at ubiqx.mn.org
Tue Apr 5 20:36:32 GMT 2005

Sat through a presentation on MIIS today.  MIIS is supposed to be a 
"metadirectory" that allows you to keep multiple directories (AD, NDS, 
etc.) in sync.

I asked about password sync, and was told that there's something called 
PCNS that can "capture" the plaintext password when the user changes their 
password on a Windows client, and then use that plaintext password to 
create whatever hashes are needed.

Thing is, PCNS (according to the MS SE) runs on the domain controller, 
and is accessed via secure RPC.  That'd mean that the client is actually 
sending the (encrypted) plaintext password over the wire to the DC.

What has me confused is that it was my understanding that Windows clients, 
when performing a password change, only sent the (encrypted) hashes.  Has 
this changed or is there something new in PCNS?


Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the samba-technical mailing list