Encrypted and cleartext at the same time?

Simon Hyde shyde at poboxes.com
Mon Oct 13 16:40:42 GMT 1997 

On Tue, 14 Oct 1997 01:54:48 +1000, you wrote:

>>oo!  hey, i _like_ this idea!!!! "migrate passwords = yes" automatically 
>>generates entries in smbpasswd.  once verified, you still have the 
>>clear-text password, from which you can generate an smbpasswd entry.
>
>Are you talking about wishes here, or an already included option? I did not
>find this "migrate passwords" option, and my testparm (v.1.9.17p2)
>complains about it if I put it in the smb.conf file.
>
hehe...wishful thinking I'm afraid, he was only thinking about
implementing it.

>I would certainly agree with an option like this. I could imagine it in the
>following way:
>1. An option like
>	require encryption = yes/no
>to specify if you allow only encrypted authentication or clear text too.
>2. If "require encryption = no", then smbd would authenticate against
>smbpasswd first, if there is no entry for the user in smbpasswd then tries
>to authenticate using standard Unix passwords and fill in the appropriate
>the smbpasswd file entry, and if this fails then rejects then connection.
>Of course it would work only if you compiled Samba with -DUSE_LIBDES option
>(and others), and have
>	encrypt passwords = yes
>in smb.conf.
>
>This would work transparently to the user, if you set "require encryption =
>no":
>1. If the user already has a valid password entry in the smbpasswd file,
>then authentication is done using encrypted passwords.
>2. If the user does not have a valid password entry in the smbpasswd file,
>then authentication is done using standard Unix passwords, smbd fills out
>the password entry in the smbpasswd file, and any time after that the
>authentication will work according to 1.
>
I believe luke said this wouldn't work because encryption is
negotiated before any usernames are passed around. The migrate
passwords option would have to always require non-encrypted passwords
even if there was an entry in the smbpasswd file for the user already,
migrate passwords could be left on for a week or so to give people a
chance to login before then switching to encrypted passwords. You
could also try having multiple netbios names for the samba server, one
of which can do encrypted passwords and the other which doesn't do
encryption and you would have to do the user migration on the one that
doesn't.

>Summary: An administrator could allow "require encryption = no" for a
>couple of days/weeks so that the entries in the smbpasswd file are filled
>in as the users are using Samba, then setting "require encryption = yes"
>would work as it works now with "encrypt passwords = yes": only allowing
>encypted authentication.
>
>What do you think?
A nice idea, but sadly un-implementable

More information about the samba mailing list