[SCM] Samba Shared Repository - branch v3-2-test
updated - release-3-2-0pre2-2199-gcc23f91
Neal A. Lucier
nlucier at math.purdue.edu
Sat Apr 26 18:26:21 GMT 2008
Andreas Schneider wrote:
>
> Windows versions above Windows 98 (Windows 2000, XP and above including
> Samba) support passwords up to 127 characters.
>
> There is a patch on the linux-cifs mailing list to extend the password
> check.
>
> http://lists.samba.org/archive/linux-cifs-client/2008-January/002606.html
>
> So shouldn't MOUNT_PASSWD_SIZE be set to 128 and the patch from the
> mailing list be applied too?
>
Windows actually supports password lengths up to 255, the max for their
hashing algorithm in NTLM.

However, the Windows GUI login box (that entire API, so wherever it is
called in Windows, not just the initial Login window; e.g. the password
change dialog box, the RunAs GUI, the mount a drive GUI) can only accept
127 characters in the password field.

So if you access the account in a method other than a GUI login (this
includes things like accounts used in starting/stopping "Services", or
change the password in a method other than using the GUI) then the
entire 255 character password is valid. (It's valid in the GUI too,
just impossible to enter.)

Since none of the non-Windows Samba clients have issues with entering in
a 255 character string for a password, I suggest the max should be set
to 256, the actual max used in Windows.

I read this in an MS whitepaper which I can dig up (I realize I'm not
very authoritative on this list), but I went through all this when I was
synchronizing an LDAP data store that used salted SHA-1 for passwords
with ADS on Windows 2003 to make sure my password policies were consistent.

Neal
More information about the samba-technical
mailing list