Encrypt Passwords & Mixed Case Passwords
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Mon Dec 11 20:34:14 GMT 2000
-----Original Message-----
From: Gerald Carter [mailto:gcarter at valinux.com]
Sent: Saturday, December 09, 2000 3:46 PM
To: Chen Shiyuan
Cc: samba at samba.org
Subject: Re: Encrypt Passwords & Mixed Case Passwords
Chen Shiyuan wrote:
>
> If I recall correctly, when using "encrypt passwords = no"
> , Samba will lookup the username/password via the
> UNIX /etc/passwd file or equivalent. And as the password
> can have mixed-case passwords, the "password level =
> x" parameter is used to produce the number of permutations
> of the user supplied password to see if it matches that
> of the server.
Correct.
^^^^^^^ Well, almost; it turns out that there is a check in the code to see
if the password being supplied by the client is an 'encrypted' password (if
len = 24, I believe), and if it IS, then it will just reject the
authorization out of hand... So if you have a client who is NOT sending
cleartext passwds, the unix user db (or nis) is never used...
****************
if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) &&
lp_null_passwords()))
****************
> But what about when using "encrypt passwords = yes" ?
> Is the "password level = x" parameter still needed? Will
> the mixed case password issue still occur or will the
> passwords all be converted into UPPPER or lower
> case and then stored in the /etc/smbpasswd file?
password level has no effect when using encrypt
passwords = yes as the clear text of the password
is never used.
-- Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba
mailing list