[PATCH] Remove password level (now only lowercase the plaintext password, do not try combinations)

Simo simo at samba.org
Tue Jun 11 06:37:03 MDT 2013

On 06/09/2013 08:25 PM, Andrew Bartlett wrote:
> On Sun, 2013-06-09 at 20:25 +1000, Andrew Bartlett wrote:
>> On Sat, 2013-06-08 at 08:49 -0400, Simo wrote:
>>> On 06/08/2013 12:13 AM, Andrew Bartlett wrote:
>>>> On Mon, 2013-06-03 at 11:15 +1000, Andrew Bartlett wrote:
>>>>> On Mon, 2013-06-03 at 10:19 +1000, Andrew Bartlett wrote:
>>>>>> I was looking at adding the deprecated flag to 'password level' so that
>>>>>> we could remove it in the future, and realised it was already
>>>>>> deprecated!
>>>>>> So, given the discussion with Yannick, who has 'password level = 0' (ie,
>>>>>> the default) in his smb.conf, I think this is reasonable.
>>>>>> That is, if your site relies on plaintext passwords from CIFS clients,
>>>>>> that the requirement be that the client pass the password in correctly,
>>>>>> or that you have the password in the system be in lower case.
>>>>>> This does not impact encrypted passwords at all, and does not remove
>>>>>> support for any known client.
>>>>>> Simo,
>>>>>> I think I've addressed your concerns in my other mail, I agree my
>>>>>> description was confusing.
>>>>>> Please review/comment/possibly push.
>>>>> Attached are two more patches to remove the remaining references.
>>>> Can I please have these patches reviewed?
>>>> Thanks,
>>> Patch 1 ACK
>>> Patch 2:
>>> Please do not remove the whole section.
>>> I would change the first phrase just to say: "Very old SMB clients ..."
>>> Change last paragraph to:
>>> <para>Samba will try an additional all lower cased password
>>> authentication if it receives
>>> an all uppercase password. Samba used to support an option called
>>> "password level"
>>> that would try to crack password by trying all case permutations, but
>>> that option has been removed.</para>
>>> Patch 3:
>>> 3rd chunk now reads: 'However ... However ...' The original  'This means
>>> that..' is perfectly fine and avoids repetition, so I'd keep the
>>> original wording for that part. Ie I will keep it as: "This means that
>>> in order for a user on a Windows 9x/Me client to connect to a Samba
>>> server using clear-text authentication, the password should be in lower
>>> case.</para>
>> Thanks, I'll fix those changes up and get them back to you tomorrow.
> I think patch set this addresses your concerns.
> Please review/push.
> Thanks,
> Andrew Bartlett

I pushed it to autobuild, however I noticed that you still are missing 
signed-off tags, I added my reviewed-by, but it would be nice if you 
signed off.


Simo Sorce
Samba Team Member <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba-technical mailing list