More than one password server? (PR#1609)

Luke Kenneth Casson Leighton lkcl at
Sun Nov 9 13:12:46 GMT 1997

On Sun, 9 Nov 1997, Andrew Tridgell wrote:

> > right.  the reason is because the loop in server_cryptkey() is checking 
> > for a "valid password server", not a "valid password server and also 
> > checking the password".
> > 
> > so, some more mods are needed.  namely, to combine the server_cryptkey() 
> > and server_validate() functionality in some simple way.
> Not possible I'm afraid!
> The server cryptkey will be different for each password server. The client
> uses it to encrypt the password. The resulting 24 byte hashed password
> is only any use to the server that generated the cryptkey.
> It is split into two functions because one of the functions has to be
> called before the client sends the password, and one after.

i've been looking at this code a little more closely - you're absolutely 
right, andrew.

so, there are two possible solutions to the original problem (having two 
password servers which don't have a trust relationship)

1) set up a trust relationship
2) use the include mechanism and NIS netgroups, to sub-divide the users.  
this will need further exploration.


<a href="mailto:lkcl at"  > Luke Kenneth Casson Leighton  </a>
<a href=""> Samba Consultancy and Support </a>

More information about the samba mailing list