trying to correctly handle account passwords via ldap

Jeremy Allison jra at samba.org
Tue Mar 28 01:45:14 GMT 2006


On Mon, Mar 27, 2006 at 08:40:45PM -0500, simo wrote:
> On Tue, 2006-03-28 at 11:27 +1000, Luke Howard wrote:
> > >> http://www.insecure.org/sploits/WinNT.passwordhashes.deobfuscation.html
> > >
> > >gahh, I thought something new was used ... :-)
> > 
> > There is an extra layer of encryption at the DRS layer.
> 
> You mean they are stored with the old format but wrapped into something
> else when queried through DRS ?
> 
> I assume the old format is used for compatibility in domain set in
> mixed-mode.
> Why then use a different format in DRS ?

Obfuscation - like in the registry. And according to Luke using
exactly the same method too :-).

Jeremy.


More information about the samba-technical mailing list