Never send the LM response on cached credentials

Andrew Bartlett abartlet at samba.org
Tue Aug 29 02:49:02 GMT 2006


On Mon, 2006-08-28 at 19:42 -0700, Jeremy Allison wrote:
> On Tue, Aug 29, 2006 at 11:48:32AM +1000, Andrew Bartlett wrote:
> > 
> > Have we progressed anywhere on this?  I'm concerned that if we allow
> > userspace applications to request a user's LM response, then it becomes
> > very easy to crack a user's logon password.
> > 
> > Likewise if we allow a userspace application to ask for an NT response,
> > without NTLM2 or NTLMv2 negotiated.  
> 
> Ok, we can restrict this in the winbindd side, as that is
> what is creating the ntlmssp blob. If "no LM" is set in the
> smb.conf, then winbindd won't return the easy to crack creds.
> 
> If it doesn't work that way, it's an easy fix to add, as
> everything is centralized in winbindd for the "single sign on"
> "cached credentials" code.
> 
> Does that make sense?

What I would like to do is have a higher standard for the cached
credentials (as they are being sent without prompting).  

I think it's poor that we send the plaintext or LM password (after
prompting the user), but we can't change that without breaking backward
compatibility.

However, for this new code and functionality, and given that we are
adding a new feature that operates automatically, without user
interaction, I would like a higher, more secure standard.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
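
The stricter standard for cached credentials discussed in this message can be written as a fail-closed gate in front of the code that builds the NTLMSSP blob. This is an added example, not part of the original message and not Samba code: `allowed_responses`, `cred_source`, `auth_policy` and the `RESP_*` bits are hypothetical names, and the two policy fields are assumed local settings. Only the `NTLMSSP_NEGOTIATE_NTLM2` flag value comes from the protocol.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* NTLMSSP negotiate flag for NTLM2 session security (protocol value). */
#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000u

/* Everything below uses hypothetical names; none of it is Samba's API. */
enum cred_source { CRED_PROMPTED, CRED_CACHED };

#define RESP_LM     0x1u /* LM response */
#define RESP_NTLM   0x2u /* NT response without NTLM2 session security */
#define RESP_NTLM2  0x4u /* NT response under NTLM2 session security */
#define RESP_NTLMV2 0x8u /* NTLMv2 response */

struct auth_policy {
    bool allow_lm;   /* assumed local setting: LM permitted at all */
    bool use_ntlmv2; /* assumed local setting: client sends NTLMv2 */
};

/* Returns the response types that may be computed for this request.
 * A return value of 0 means refuse to answer the challenge. */
unsigned allowed_responses(enum cred_source src, uint32_t neg_flags,
                           const struct auth_policy *p)
{
    if (p->use_ntlmv2)
        return RESP_NTLMV2;
    if (neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
        return RESP_NTLM2;
    /* Only the plain LM and NT responses remain from here on. */
    if (src == CRED_CACHED)
        return 0; /* no user was prompted, so fail closed */
    return RESP_NTLM | (p->allow_lm ? RESP_LM : 0u);
}

int main(void)
{
    struct auth_policy legacy = { .allow_lm = true, .use_ntlmv2 = false };
    printf("prompted, no NTLM2: 0x%x\n",
           allowed_responses(CRED_PROMPTED, 0, &legacy));
    printf("cached,   no NTLM2: 0x%x\n",
           allowed_responses(CRED_CACHED, 0, &legacy));
    printf("cached,   NTLM2:    0x%x\n",
           allowed_responses(CRED_CACHED, NTLMSSP_NEGOTIATE_NTLM2, &legacy));
    return 0;
}
```

With `allow_lm` cleared, the cached path still refuses the plain NT response, which covers the second concern raised in the quoted text as well as the LM one.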


More information about the samba-technical mailing list