SMBpassword and UNIX password sync?
Roeland M.J. Meyer
rmeyer at mhsc.com
Sat Feb 21 08:37:21 GMT 1998
At 04:10 20-02-98 +1100, Tim Winders wrote:
>I would like to implement samba encrypted passwords. I have read the
>ENCRYPTION.txt file and see how to create the initial (no access) smbpassd
>file from the UNIX /etc/passwd file, but it seems that each user (or root)
>then has to change their samba password. This is not practical for my
>uses.
>
>If I understand the encryption scheme then there is no way to initally
>read the /etc/passwd file and put THAT password into the smbpasswd file.
>So... my question...
It's really not an ecryption algorithm, it's a one-way hash. It can never
be de-crypted. However, because the salt value is stored as part of the
passwd, it is vulnerable to brute-force dictionary attacks.
>Is there anyway to syncronize the /etc/passwd and smbpasswd files such
>that when a user changes their UNIX passwd, their smbpasswd will
>automatically get created if one does not exist or changed their smbpasswd
>if one DOES exist?
Wrap both passwd amd smbpasswd, and maybe even yppasswd, with a perl/expect
script which will do this for all systems when the user does a passwd
change. We even are building a web-page/cgi-script that does this for our
users.
>I am running Digital Unix 4.0D, no shadow password, no C2. I am open to
>using a different UNIX passwd program if that will help. Thanks!
You *really* don't want to do that.
___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: mailto:rmeyer at mhsc.com
Personalweb pages: http://www.mhsc.com/~rmeyer
Company web-site: http://www.mhsc.com/
___________________________________________
Watch for the SecureMail system at MHSC.NET
More information about the samba
mailing list