[PATCH] Remove password level (now only lowercase the plaintext password, do not try combinations)

Andrew Bartlett abartlet at samba.org
Sun Jun 9 04:25:59 MDT 2013


On Sat, 2013-06-08 at 08:49 -0400, Simo wrote:
> On 06/08/2013 12:13 AM, Andrew Bartlett wrote:
> > On Mon, 2013-06-03 at 11:15 +1000, Andrew Bartlett wrote:
> >> On Mon, 2013-06-03 at 10:19 +1000, Andrew Bartlett wrote:
> >>> I was looking at adding the deprecated flag to 'password level' so that
> >>> we could remove it in the future, and realised it was already
> >>> deprecated!
> >>>
> >>> So, given the discussion with Yannick, who has 'password level = 0' (ie,
> >>> the default) in his smb.conf, I think this is reasonable.
> >>>
> >>> That is, if your site relies on plaintext passwords from CIFS clients,
> >>> that the requirement be that the client pass the password in correctly,
> >>> or that you have the password in the system be in lower case.
> >>>
> >>> This does not impact encrypted passwords at all, and does not remove
> >>> support for any known client.
> >>>
> >>> Simo,
> >>>
> >>> I think I've addressed your concerns in my other mail, I agree my
> >>> description was confusing.
> >>>
> >>> Please review/comment/possibly push.
> >> Attached are two more patches to remove the remaining references.
> > Can I please have these patches reviewed?
> >
> > Thanks,
> 
> Patch 1 ACK
> 
> Patch 2:
> Please do not remove the whole section.
> I would change the first phrase just to say: "Very old SMB clients ..."
> Change last paragraph to:
> <para>Samba will try an additional all lower cased password
> authentication if it receives an all uppercase password. Samba used to
> support an option called "password level" that would try to crack
> password by trying all case permutations, but that option has been
> removed.</para>
> 
> Patch 3:
> 3rd chunk now reads: 'However ... However ...' The original 'This means
> that..' is perfectly fine and avoids repetition, so I'd keep the
> original wording for that part. Ie I will keep it as: "This means that
> in order for a user on a Windows 9x/Me client to connect to a Samba
> server using clear-text authentication, the password should be in lower
> case.</para>

Thanks, I'll fix those changes up and get them back to you tomorrow.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
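
The behaviour discussed in this thread, sketched as an added example that is not part of the original message and is not Samba's code: one lowercase retry for an all-uppercase plaintext password, next to the number of guesses the removed option could make per login. `system_verify`, `check_plaintext`, `old_level_candidates` and the stored password are hypothetical, and the "at most `level` letters uppercased" reading of the old option is an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical system password check; "secret99" is a constructed value. */
static int verify_calls;
static bool system_verify(const char *candidate)
{
    verify_calls++;
    return strcmp(candidate, "secret99") == 0;
}

/* Try the password as sent; if it has letters and none is lower case,
 * make exactly one more attempt with it lowercased. */
bool check_plaintext(const char *sent)
{
    char lower[128];
    size_t n = strlen(sent);
    bool changed = false;
    if (system_verify(sent))
        return true;
    /* Oversized input skips the loop, so changed stays false: no retry. */
    for (size_t i = 0; i <= n && n < sizeof(lower); i++) {
        unsigned char c = (unsigned char)sent[i];
        if (islower(c))
            return false;              /* mixed case: no retry */
        lower[i] = (char)tolower(c);
        changed |= (lower[i] != sent[i]);
    }
    return changed && system_verify(lower);
}

/* Assumption: the removed option tried every variant with at most `level`
 * letters uppercased: the sum over k <= level of C(letters, k) guesses. */
unsigned long old_level_candidates(unsigned letters, unsigned level)
{
    unsigned long total = 0, c = 1;
    for (unsigned k = 0; k <= level && k <= letters; k++) {
        total += c;
        c = c * (letters - k) / (k + 1);
    }
    return total;
}

int main(void)
{
    printf("level 8 over 8 letters: %lu guesses\n", old_level_candidates(8, 8));
    return check_plaintext("SECRET99") ? 0 : 1;
}
```

With the retry capped at one, a failed plaintext login costs the server at most two password checks, whereas the permutation search multiplied every failed login into many guesses against the same account.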
