trying to correctly handle account passwords via ldap
Jeremy Allison
jra at samba.org
Tue Mar 28 01:45:14 GMT 2006
On Mon, Mar 27, 2006 at 08:40:45PM -0500, simo wrote:
> On Tue, 2006-03-28 at 11:27 +1000, Luke Howard wrote:
> > >> http://www.insecure.org/sploits/WinNT.passwordhashes.deobfuscation.html
> > >
> > >gahh, I thought something new was used ... :-)
> >
> > There is an extra layer of encryption at the DRS layer.
>
> You mean they are stored with the old format but wrapped into something
> else when queried through DRS ?
>
> I assume the old format is used for compatibility in domain set in
> mixed-mode.
> Why then use a different format in DRS ?
Obfuscation - like in the registry. And according to Luke using
exactly the same method too :-).
Jeremy.
More information about the samba-technical
mailing list