crypted SMB passwords: security issue only on Unix ?

Jacques Gelinas jack at solucorp.qc.ca
Thu Oct 16 12:59:07 GMT 1997


I have been reading the FAQ on the SMB crypted passwords. This FAQ states
that there is a security issue. Mostly, if someone manage to grab a copy
of my smbpasswd file and has access to a modified client, he can access my
share without really knowing the original password (He supply the crypted
one only). I understand pretty well the issue here. 

It seems that NT does not have this problem, or at least try to cope
with it (Well they could have fixed the protocol for one and this would
have solved the problem!). Sounds like NT passwords are stored in a
protected area (not part of the file system) and they are further
protected by a key. So the crypted passwords are more difficult to read.
(while probably not impossible to steal)

Anyone can confirm this ?

--------------------------------------------------------
Jacques Gelinas (jacques at solucorp.qc.ca)
Linuxconf: The ultimate administration system for Linux.
see http://www.solucorp.qc.ca/linuxconf
new developments: mail to fax gateway, Apache, Samba




More information about the samba mailing list