win2000 plaintext password
James Nord
teilo at cdt.luth.se
Sat Aug 26 11:31:28 GMT 2000
Jon Mitchell wrote:
>
> This is probably an FAQ, but my looking into the issue was unproductive.
> When connecting to a samba share from a win2000 professional machine, I
> get prompted for a password. Security is set to user on the samba
> machine. I reenter the same password as the local user that I login as,
> and then it accepts it.
>
> I'm not using encrypted passwords, but I have added the PlainTextPassword
> registry setting to the win2000 machine. Even when I have drives mapped
> upon login, the first drive always asks me to enter the password even
> though it's the same as the user's password. Is there any way to fix this?

Upgrading to Encrypted passwords ;-)

This feature is by design in Windows as sending your default credentials
to any server unencrypted is a HUGE security risk.

Imagine the case where you have Computer A and Computer B. Both are
untrusted by the other users.

What you are wanting would go something like this:

User C has an administrator account on Computer A and a normal account
on Computer B.
User C is clever and knows that if he uses the same password on both
computers then D may be able to get access to his account on A.
User D only has an administrator account on Computer B.
User D is evil and wants an admin account on Computer A.

When User C logs on to A he maps a drive on Computer B.
B is only using plaintext passwords.
A sends C's username to B.
A then sends C's _LOGIN_ password to B unencrypted. (This is the wrong
password)
A then prompts C for his password to B. (A is then authenticated)
But B can snoop the network and find out A's password for B and gain
access to his machine there.

This is a simplified version of what would happen if Windows did what
you wanted.
Without this B could only get A's password for D. (and every other
computer that A connects to using plaintext passwords if A & B are on
the same subnet)

/James
--
Technology is a word that describes something that doesn't work yet.
Douglas Adams
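
An added example, not part of the original post: a small Python check that reports whether a Samba `smb.conf` has the `encrypt passwords` parameter (the upgrade the reply recommends) turned on in `[global]`. The sample configurations are constructed and the function names are this example's own; an absent parameter is reported as "unset" because the default depends on the Samba version.

```python
import re

# Constructed sample: user-level security with plaintext passwords,
# the server-side setup described in the question.
SAMPLE_PLAINTEXT = """\
[global]
   workgroup = EXAMPLE
   security = user
   ; plaintext logons, as in the question
   Encrypt Passwords = No

[homes]
   read only = no
"""
# Constructed sample: the same file after switching to encrypted passwords.
SAMPLE_ENCRYPTED = SAMPLE_PLAINTEXT.replace("Encrypt Passwords = No",
                                            "encrypt passwords = yes")

TRUE_WORDS = {"yes", "true", "1", "on"}
FALSE_WORDS = {"no", "false", "0", "off"}


def global_params(text):
    """Return {normalized name: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params                              # a later duplicate wins


def password_mode(text):
    """Return 'encrypted', 'plaintext', or 'unset' for an smb.conf text."""
    value = global_params(text).get("encryptpasswords")
    if value is None:
        return "unset"                         # version default applies
    if value.lower() in TRUE_WORDS:
        return "encrypted"
    if value.lower() in FALSE_WORDS:
        return "plaintext"
    raise ValueError(f"unrecognized boolean: {value!r}")
```

A "plaintext" result means clients must send the password itself over the wire, which is the exposure the reply describes.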