[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2199-gcc23f91

Neal A. Lucier nlucier at math.purdue.edu
Sat Apr 26 18:26:21 GMT 2008

Andreas Schneider wrote:
> Windows versions above Windows 98 (Windows 2000, XP and above including 
> Samba), support passwords up to 127 characters.
> There is a patch on the linux-cifs mailinglist to extend the password 
> check.
> http://lists.samba.org/archive/linux-cifs-client/2008-January/002606.html
> So shouldn't MOUNT_PASSWD_SIZE set to 128 and the patch from the 
> mailinglist applied too?

Windows actually supports password lengths up to 255, the max for their 
hashing algorithm in NTLM.

However, the Windows GUI login box (that entire API, so where ever it is 
called in Windows, not just the initial Login window; e.g. the password 
change dialog box, the RunAs GUI, the mount a drive GUI) can only accept 
127 characters in the password field.

So if you access the account in a method other than a GUI login (this 
includes things like accounts used in starting/stopping "Services", or 
change the password in a method other than using the GUI) than the 
entire 255 character password is valid.  (It's valid in the GUI too, 
just impossible to enter.)

Since none of the non-Windows Samba clients have issues with entering in 
a 255 character string for a password, I suggest the max should be set 
to 256, the actual max used in Windows.

I read this in an MS whitepaper which I can dig up, (I realize I'm not 
very authoritative on this list) but I went through all this when I was 
synchronizing an LDAP data store that used salted SHA-1 for passwords 
with ADS on Windows 2003 to make sure my password policies were consistent.


More information about the samba-technical mailing list