[PATCH] Remove password level (now only lowercase the plaintext password, do not try combinations)

Simo simo at samba.org
Sat Jun 8 06:49:05 MDT 2013


On 06/08/2013 12:13 AM, Andrew Bartlett wrote:
> On Mon, 2013-06-03 at 11:15 +1000, Andrew Bartlett wrote:
>> On Mon, 2013-06-03 at 10:19 +1000, Andrew Bartlett wrote:
>>> I was looking at adding the deprecated flag to 'password level' so that
>>> we could remove it in the future, and realised it was already
>>> deprecated!
>>>
>>> So, given the discussion with Yannick, who has 'password level = 0' (ie,
>>> the default) in his smb.conf, I think this is reasonable.
>>>
>>> That is, if your site relies on plaintext passwords from CIFS clients,
>>> that the requirement be that the client pass the password in correctly,
>>> or that you have the password in the system be in lower case.
>>>
>>> This does not impact encrypted passwords at all, and does not remove
>>> support for any known client.
>>>
>>> Simo,
>>>
>>> I think I've addressed your concerns in my other mail, I agree my
>>> description was confusing.
>>>
>>> Please review/comment/possibly push.
>> Attached are two more patches to remove the remaining references.
> Can I please have these patches reviewed?
>
> Thanks,

Patch 1 ACK

Patch 2:
Please do not remove the whole section.
I would change the first phrase just to say: "Very old SMB clients ..."
Change last paragraph to:
<para>Samba will try an additional all lower cased password authentication if it receives
an all uppercase password. Samba used to support an option called "password level"
that would try to crack password by trying all case permutations, but that option has been removed.</para>

Patch 3:
3rd chunk now reads: 'However ... However ...' The original 'This means
that..' is perfectly fine and avoids repetition, so I'd keep the
original wording for that part. I.e. I will keep it as: "This means that
in order for a user on a Windows 9x/Me client to connect to a Samba
server using clear-text authentication, the password should be in lower
case.</para>"

Simo.

-- 
Simo Sorce
Samba Team Member <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>


