[PATCH] Remove password level (now only lowercase the plaintext password, do not try combinations)
Andrew Bartlett
abartlet at samba.org
Sun Jun 9 04:25:59 MDT 2013
On Sat, 2013-06-08 at 08:49 -0400, Simo wrote:
> On 06/08/2013 12:13 AM, Andrew Bartlett wrote:
> > On Mon, 2013-06-03 at 11:15 +1000, Andrew Bartlett wrote:
> >> On Mon, 2013-06-03 at 10:19 +1000, Andrew Bartlett wrote:
> >>> I was looking at adding the deprecated flag to 'password level' so that
> >>> we could remove it in the future, and realised it was already
> >>> deprecated!
> >>>
> >>> So, given the discussion with Yannick, who has 'password level = 0' (i.e.,
> >>> the default) in his smb.conf, I think this is reasonable.
> >>>
> >>> That is, if your site relies on plaintext passwords from CIFS clients,
> >>> that the requirement be that the client pass the password in correctly,
> >>> or that you have the password in the system be in lower case.
> >>>
> >>> This does not impact encrypted passwords at all, and does not remove
> >>> support for any known client.
> >>>
> >>> Simo,
> >>>
> >>> I think I've addressed your concerns in my other mail, I agree my
> >>> description was confusing.
> >>>
> >>> Please review/comment/possibly push.
> >> Attached are two more patches to remove the remaining references.
> > Can I please have these patches reviewed?
> >
> > Thanks,
>
> Patch 1 ACK
>
> Patch 2:
> Please do not remove the whole section.
> I would change the first phrase just to say: "Very old SMB clients ..."
> Change last paragraph to:
> <para>Samba will try an additional all lower cased password
> authentication if it receives an all uppercase password. Samba used to
> support an option called "password level" that would try to crack
> password by trying all case permutations, but that option has been
> removed.</para>
>
> Patch 3:
> 3rd chunk now reads: 'However ... However ...' The original 'This means
> that..' is perfectly fine and avoids repetition, so I'd keep the
> original wording for that part. I.e., I will keep it as: "This means that
> in order for a user on a Windows 9x/Me client to connect to a Samba
> server using clear-text authentication, the password should be in lower
> case.</para>"
Thanks, I'll fix those changes up and get them back to you tomorrow.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
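
Added example, not part of the original message and not Samba's code: a C sketch of the behaviour discussed in this thread, where an all-uppercase plaintext password gets one extra lowercase attempt instead of a case-permutation search. The names check_plaintext, verify_fn and sample_verify, the 128-byte buffer and the sample password are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for the system password check (crypt/PAM in practice). */
typedef int (*verify_fn)(const char *candidate);

/* True when s has at least one uppercase letter and no lowercase letter. */
static int all_upper(const char *s)
{
    int seen_upper = 0;
    for (; *s; s++) {
        if (islower((unsigned char)*s)) return 0;
        if (isupper((unsigned char)*s)) seen_upper = 1;
    }
    return seen_upper;
}

/* Try the password as received; retry lowercased only if it was all uppercase. */
static int check_plaintext(const char *received, verify_fn verify, int *attempts)
{
    char lowered[128];
    size_t i, len = strlen(received);
    *attempts = 1;
    if (verify(received)) return 1;
    if (len >= sizeof(lowered) || !all_upper(received)) return 0;
    for (i = 0; i <= len; i++)          /* <= len copies the terminating NUL */
        lowered[i] = (char)tolower((unsigned char)received[i]);
    *attempts = 2;
    return verify(lowered);
}

/* Size of a full case-permutation search: 2^letters (fits for < 64 letters). */
static unsigned long long case_variants(const char *pw)
{
    unsigned long long n = 1;
    for (; *pw; pw++)
        if (isalpha((unsigned char)*pw)) n *= 2;
    return n;
}

/* Constructed sample account whose stored password is "secret99". */
static int sample_verify(const char *c) { return strcmp(c, "secret99") == 0; }

int main(void)
{
    int tries, ok = check_plaintext("SECRET99", sample_verify, &tries);
    printf("ok=%d tries=%d of %llu case variants\n", ok, tries, case_variants("SECRET99"));
    return 0;
}
```

A mixed-case input such as "Secret99" is tried once and rejected, since the client evidently did not fold its case.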