Never send the LM response on cached credentials

Andrew Bartlett abartlet at samba.org
Tue Aug 29 05:51:36 GMT 2006


On Mon, 2006-08-28 at 22:23 -0700, Jeremy Allison wrote:
> On Tue, Aug 29, 2006 at 12:49:02PM +1000, Andrew Bartlett wrote:
> > 
> > What I would like to do is have a higher standard for the cached
> > credentials (as they are being sent without prompting).  
> 
> I'm not sure what you mean by being sent "without prompting" ?

Isn't the purpose of this to allow automatic login to websites, without
prompting the user for a password?

> > However, for this new code and functionality, and given that we are
> > adding a new feature that operates automatically, without user
> > interaction, I would like a higher, more secure standard.
> 
> We're obeying the settings in the smb.conf for NTLM
> auth. What more do you expect ?

Our defaults here suck.  They let users down by exposing cleartext
passwords.  

> I guess I'm unsure what the problem you're having with this
> is. Can you explain a little more clearly what you'd like
> this to do ?

For this new functionality, for the safety of our users, I want stronger
defaults.

Saying that the user can turn on security is a cop-out, if it isn't
there by default, because nobody will turn it on.  People didn't turn on
encrypted passwords in Samba (they registry fixed the client) until we
changed the default.  I think the same should apply here.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060829/0a53406f/attachment.bin


More information about the samba-technical mailing list