[PROPOSAL] Remove password level (or all plaintext passwords?) for 4.1

yaberger at ca.ibm.com
Mon May 27 06:42:20 MDT 2013


Hi Andrew,

Our current password level is the default (0)
/usr/local/samba/sbin/smbd -V
Version 3.6.5
/usr/local/samba/bin/testparm -vs 2>&1 |grep "password level"
        password level = 0
So my understanding is that your patch could only attempt the password 
received and if it fails, try it with the password in lowercase.


If you need me to test your patch, it would be possible but I would need 
to know against which version/branch.
As I've shown earlier, we are currently using Samba 3.6.5.
I know this version is working well for us but don't know yet for 3.6.15, 
4.0.6 or the git branch master, v4-0-test and v3-6-test.
I would first need to make one of these work without your patch, then 
with your patch, then request the system owners to test each of their 
platforms against this test Samba server.

We already know that we need to update our Samba 3.6.5 before April 8, 
2014 and our current plan is to pick the latest 3.6 release available at 
that time.
The next update (after April 2014) may be to move to 4.x.


Best regards,

Yannick Bergeron
450 534-7711
yaberger at ca.ibm.com
Advisory IT Specialist

Never say never, say "it depends" / Ne jamais dire jamais, dites "ca 
dépend"



From:   Andrew Bartlett <abartlet at samba.org>
To:     yaberger at ca.ibm.com, 
Cc:     samba-technical at lists.samba.org
Date:   05/27/2013 07:55 AM
Subject:        Re: [PROPOSAL] Remove password level (or all plaintext 
passwords?) for 4.1



On Mon, 2013-05-27 at 07:39 -0400, yaberger at ca.ibm.com wrote:
> Hi Andrew,
> 
> Here is a first list of clients that are using our Samba file service.
> There will be a few more under "Other network devices" that I'll send in
> another email once I'll have received it.
> I should also know which DOS flavor/version is being used in the upcoming
> days.

Thanks.  How much are you able to test in this environment?

If I gave you a patch that removed 'password level' and with it the
password cracker (upper/lower case transition), could you verify if it
still works well enough for your clients?

The code is ugly, but it is very much contained and I don't need to
remove it in the face of an active user participating on the mailing
list, because if we break it, we know you will be able to work with us
promptly. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




