What is PCNS?
Christopher R. Hertel
crh at ubiqx.mn.org
Tue Apr 5 20:36:32 GMT 2005
Sat through a presentation on MIIS today. MIIS is supposed to be a
"metadirectory" that allows you to keep multiple directories (AD, NDS,
etc.) in sync.
I asked about password sync, and was told that there's something called
PCNS that can "capture" the plaintext password when the user changes their
password on a Windows client, and then use that plaintext password to
create whatever hashes are needed.
Thing is, PCNS (according to the MS SE) runs on the domain controller,
and is accessed via secure RPC. That'd mean that the client is actually
sending the (encrypted) plaintext password over the wire to the DC.
What has me confused is that it was my understanding that Windows clients,
when performing a password change, only sent the (encrypted) hashes. Has
this changed or is there something new in PCNS?
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical