win2000 plaintext password

James Nord teilo at cdt.luth.se
Sat Aug 26 11:31:28 GMT 2000


Jon Mitchell wrote:
> 
> This is probably an FAQ, but my looking into the issue was unproductive.
> When connecting to a samba share from a win2000 professional machine, I
> get prompted for a password.  Security is set to user on the samba
> machine.  I reenter the same password as the local user that I login as,
> and then it accepts it.
> 
> I'm not using encrypted passwords, but I have added the PlainTextPassword
> registry setting to the win2000 machine.  Even when I have drives mapped
> upon login, the first drive always asks me to enter the password even
> though it's the same as the user's password.  Is there anyway to fix this?

Upgrading to Encrypted passwords ;-)

This feature is by design in Windows as sending your default credentials
to any server unencrypted is a HUGE security risk.

Imagine the case where you have Computer A and Computer B.  Both are
untrusted by the other users.
What you are wanting would go something like this

User C has an administrator account on Computer A and a normal account
on Computer B.

User C is clever and knows that if he uses the same password on both
computers then D may be able to get access to his account on A.

User D only has an administrator account on computer B.

User D is evil and wants an admin account on Computer A

When User C logs on to A he maps a drive on Computer B.
B is only using plaintext passwords.
A sends C's username to B.
A then sends C's _LOGIN_ password to B unencrypted.  (This is the wrong
password.)
A then prompts C for his password to B. (A is then authenticated.)

But B can snoop the network and find out A's password for B and gain
access to his machine there.

This is a simplified version of what would happen if Windows did what
you wanted.
Without this B could only get A's password for D. (and every other
computer that A connects to using plaintext passwords if A & B are on
the same subnet)

/James

--
Technology is a word that describes something that doesn't work yet.
	Douglas Adams
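The exchange James describes, as an added toy model (not Samba or Windows code, and not part of the original post). It models a plaintext-password SMB-style server whose operator logs every password offered to it, and a client that either auto-sends its cached logon password to every server (what the original poster asked for) or only sends the password the user types for that server (what Windows 2000 does). The host names, user names and passwords are made up for the example.

```python
"""Constructed model of the plaintext-password exposure described above.

Not Samba or Windows code.  Server B accepts plaintext passwords, so
whatever the client sends in Session Setup is visible to B's operator
(or to anyone sniffing the wire).  All names and passwords are invented.
"""
from dataclasses import dataclass, field


@dataclass
class PlaintextServer:
    """A server using plaintext passwords (encrypt passwords = no)."""
    name: str
    accounts: dict                                   # username -> password
    observed: list = field(default_factory=list)     # every (user, password) it saw

    def session_setup(self, user, password):
        # With plaintext authentication the server necessarily sees the
        # password in the clear; an evil operator simply records it.
        self.observed.append((user, password))
        return self.accounts.get(user) == password


@dataclass
class Client:
    """Workstation A, where user C is logged on with logon_password."""
    logon_user: str
    logon_password: str
    auto_send_logon_creds: bool   # True = the behaviour the poster wanted

    def map_drive(self, server, ask_user_for_password):
        if self.auto_send_logon_creds:
            # Send the cached logon password to whoever the server is.
            if server.session_setup(self.logon_user, self.logon_password):
                return True
        # Otherwise (or after the first attempt fails) prompt the user for
        # the password that belongs to this particular server.
        return server.session_setup(self.logon_user, ask_user_for_password())


def passwords_seen_by_b(auto_send):
    """Run the scenario and return the set of C's passwords B's operator now holds.

    C is administrator on A and a normal user on B, with different passwords.
    """
    a_password = "A-admin-secret"     # C's logon password on A (invented)
    b_password = "B-user-pw"          # C's normal-user password on B (invented)
    server_b = PlaintextServer("B", {"C": b_password})
    client = Client("C", a_password, auto_send)
    if not client.map_drive(server_b, lambda: b_password):
        raise RuntimeError("drive mapping should succeed once the B password is given")
    return {pw for _, pw in server_b.observed}


if __name__ == "__main__":
    print("auto-send logon creds :", passwords_seen_by_b(True))
    print("prompt for B password :", passwords_seen_by_b(False))
```

With auto-send enabled B ends up holding both of C's passwords, including the administrator password for A; with the prompt-first behaviour it only ever sees the password C chose for B. Either way the B password still crosses the wire in the clear, which is why the real fix is the one James gives: switch the Samba side to `encrypt passwords = yes` (with an smbpasswd file) so no password is sent in plaintext at all.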