[PATCH] Remove password level (now only lowercase the plaintext password, do not try combinations)

Simo simo at samba.org
Tue Jun 11 06:37:03 MDT 2013


On 06/09/2013 08:25 PM, Andrew Bartlett wrote:
> On Sun, 2013-06-09 at 20:25 +1000, Andrew Bartlett wrote:
>> On Sat, 2013-06-08 at 08:49 -0400, Simo wrote:
>>> On 06/08/2013 12:13 AM, Andrew Bartlett wrote:
>>>> On Mon, 2013-06-03 at 11:15 +1000, Andrew Bartlett wrote:
>>>>> On Mon, 2013-06-03 at 10:19 +1000, Andrew Bartlett wrote:
>>>>>> I was looking at adding the deprecated flag to 'password level' so that
>>>>>> we could remove it in the future, and realised it was already
>>>>>> deprecated!
>>>>>>
>>>>>> So, given the discussion with Yannick, who has 'password level = 0' (ie,
>>>>>> the default) in his smb.conf, I think this is reasonable.
>>>>>>
>>>>>> That is, if your site relies on plaintext passwords from CIFS clients,
>>>>>> that the requirement be that the client pass the password in correctly,
>>>>>> or that you have the password in the system be in lower case.
>>>>>>
>>>>>> This does not impact encrypted passwords at all, and does not remove
>>>>>> support for any known client.
>>>>>>
>>>>>> Simo,
>>>>>>
>>>>>> I think I've addressed your concerns in my other mail, I agree my
>>>>>> description was confusing.
>>>>>>
>>>>>> Please review/comment/possibly push.
>>>>> Attached are two more patches to remove the remaining references.
>>>> Can I please have these patches reviewed?
>>>>
>>>> Thanks,
>>> Patch 1 ACK
>>>
>>> Patch 2:
>>> Please do not remove the whole section.
>>> I would change the first phrase just to say: "Very old SMB clients ..."
>>> Change last paragraph to:
>>> <para>Samba will try an additional all lower cased password
>>> authentication if it receives
>>> an all uppercase password. Samba used to support an option called
>>> "password level"
>>> that would try to crack password by trying all case permutations, but
>>> that option has been removed.</para>
>>>
>>> Patch 3:
>>> 3rd chunk now reads: 'However ... However ...' The original 'This means
>>> that..' is perfectly fine and avoids repetition, so I'd keep the
>>> original wording for that part. I.e., I will keep it as: "This means that
>>> in order for a user on a Windows 9x/Me client to connect to a Samba
>>> server using clear-text authentication, the password should be in lower
>>> case.</para>"
>> Thanks, I'll fix those changes up and get them back to you tomorrow.
> I think this patch set addresses your concerns.
>
> Please review/push.
>
> Thanks,
>
> Andrew Bartlett
>

I pushed it to autobuild; however, I noticed that you are still missing
signed-off tags. I added my reviewed-by, but it would be nice if you
signed off.

Simo.

-- 
Simo Sorce
Samba Team Member <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
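
The behaviour discussed in this thread, as an added sketch that is not Samba's code and not part of the original message: the plaintext password is checked as received, and only an all-uppercase password gets one lowercased retry, with no case permutations. `verify`, `stored_password`, `is_all_upper` and `check_plaintext` are hypothetical names, and the stored password is a constructed sample.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the system password check; constructed sample value. */
static const char *stored_password = "secret";
static int attempts;                    /* verifier calls made for the last login */

static bool verify(const char *candidate)
{
    attempts++;
    return strcmp(candidate, stored_password) == 0;
}

/* True when s has at least one uppercase letter and no lowercase letter. */
static bool is_all_upper(const char *s)
{
    bool upper = false;
    for (; *s; s++) {
        if (islower((unsigned char)*s)) return false;
        if (isupper((unsigned char)*s)) upper = true;
    }
    return upper;
}

/* Check the password as received; an all-uppercase one gets one lowercase retry. */
bool check_plaintext(const char *received)
{
    char lowered[128];
    size_t i, n = strlen(received);

    attempts = 0;
    if (verify(received)) return true;
    if (n >= sizeof(lowered) || !is_all_upper(received)) return false;
    for (i = 0; i <= n; i++)            /* i <= n also copies the terminator */
        lowered[i] = (char)tolower((unsigned char)received[i]);
    return verify(lowered);
}

int main(void)
{
    const char *samples[] = { "secret", "SECRET", "Secret" };
    for (size_t i = 0; i < 3; i++) {
        bool ok = check_plaintext(samples[i]);
        printf("%-7s -> %s after %d attempt(s)\n", samples[i], ok ? "accept" : "reject", attempts);
    }
    return 0;
}
```

Each login costs at most two verifier calls, and a mixed-case system password cannot be matched by an uppercased client password, which is why the thread asks for the system password to be in lower case.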


