[SAMBA4] How should we store password hashes?

simo idra at samba.org
Tue Feb 13 13:38:02 GMT 2007

On Tue, 2007-02-13 at 10:34 +0100, Stefan (metze) Metzmacher wrote:
> Hash: SHA1
> Hi,
> As we now know how the password fields are replicated,
> I was thinking about how we should store them in our ldb.
> I'd like to store them exactly are they're replicated,
> (just without the session specific encryption). So that
> the following attributes are stored rid crypted:
> unicodePwd, ntPwdHistory, dBCSPwd and lmPwdHistory.

I am ok to store them in the same format if it is reasonable,
but why do you want to keep them rid obfuscated?

> And the functions to access the hashes, like samdb_result_hash(), will
> rid (de)crypt them on the fly.
> I have a patch which passes the rid to this functions, to fix all the
> callers (but it still uses the samba specific attributes and didn't to
> rid crypt)
> Comments please:-)

It seem to me you are not keeping the crc32, is there a reason to rid
obfuscate hashes and not keep it?

Anything else looks good on a v. quick look.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba-technical mailing list