Forcing plaintext password storage for Samba 4
angelos.oikonomopoulos at fp-commerce.de
Wed Nov 10 07:04:40 MST 2010
Oops, accidentally sent my reply to Stefan only.
On 11/10/2010 01:19 PM, Angelos Oikonomopoulos wrote:
> On 11/10/2010 12:54 PM, Stefan (metze) Metzmacher wrote:
>> Am 10.11.2010 12:26, schrieb Andrew Bartlett:
>>> On Wed, 2010-11-10 at 12:20 +0100, Angelos Oikonomopoulos wrote:
>>>> On 11/10/2010 10:27 AM, Stefan (metze) Metzmacher wrote:
>>>>> Hi Angelos,
>>>> Hello Stefan,
>>>> Would a program that can dump user passwords be welcome as part of
>>>> samba4? I think it would be too much of a hack. Perhaps it's a better
>>>> idea to add an option to store the plaintext password in a
>>>> samba-specific custom field?
>>> I think both would be quite good ideas. We would simply store the
>>> plaintext in userPassword, as it is an existing attribute in the schema.
>>> (to do so properly with replication from Windows, a module below
>>> replPropertyMetaData would need to intercept the writes to the blob, and
>>> read the password out and store it as UTF8).
>> I don't think that's a good idea, as you'll not get the plaintext
>> if the pw is changed on a windows dc.
>> However a small python script that dumps the cleartext from the
>> supplementalCredentials attribute would be nice to have.
> Hmm, unfortunately my python-fu is not great, but I'll go through the
> existing examples and see what I can do.
More information about the samba-technical