Encrypt Passwords & Mixed Case Passwords

Gerald Carter gcarter at valinux.com
Tue Dec 12 15:04:30 GMT 2000


"MCCALL,DON (HP-USA,ex1)" wrote:
> 
> > If I recall correctly, when using "encrypt passwords = no",
> > Samba will look up the username/password via the
> > UNIX /etc/passwd file or equivalent.  And as the password
> > can have mixed-case passwords, the "password level =
> > x" parameter is used to produce the number of permutations
> > of the user supplied password to see if it matches that
> > of the server.
> 
> Correct.
> ^^^^^^^ Well, almost; it turns out that there is a check 
> in the code to see if the password being supplied by the 
> client is an 'encrypted' password (if len = 24, I believe), 
> and if it IS, then it will just reject the authorization 
> out of hand...  So if you have a client who is NOT sending
> cleartext passwds, the unix user db (or nis) is never used...
> ****************
>  if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
> ****************

Very true.  To me this would be a broken client though 
as it is not honoring the password encryption bit set 
by the server in the negprot response packet.  :-)






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )
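
Added example, not part of the original message and not Samba's code: a simplified C model of the two behaviours discussed in the thread, the pwlen == 24 test that keeps a 24-byte response away from the UNIX password check, and the "password level" case search applied to a cleartext password. The names stored, check, try_upper, cleartext_auth and last_tries are hypothetical, and the plain string compare stands in for the real crypt()-based lookup.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static const char *stored = "sEcret"; /* constructed sample UNIX password */
static long tries;                    /* candidates tested by the last call */

/* Hypothetical stand-in for the crypt()-based check against /etc/passwd. */
static int check(const char *cand) { tries++; return strcmp(cand, stored) == 0; }

/* Test every way of uppercasing up to `left` more letters from `start` on. */
static int try_upper(char *pw, size_t start, int left)
{
    if (left <= 0) return 0;
    for (size_t i = start; pw[i]; i++) {
        if (!islower((unsigned char)pw[i])) continue;
        pw[i] = (char)toupper((unsigned char)pw[i]);
        if (check(pw) || try_upper(pw, i + 1, left - 1)) return 1;
        pw[i] = (char)tolower((unsigned char)pw[i]);
    }
    return 0;
}

/* 1 = accepted, 0 = rejected, -1 = 24-byte response, cleartext path skipped. */
int cleartext_auth(const char *pw, size_t pwlen, int level)
{
    char buf[64];
    tries = 0;
    if (pwlen == 24) return -1;        /* first half of the quoted condition */
    if (pwlen >= sizeof buf) return 0;
    memcpy(buf, pw, pwlen);
    buf[pwlen] = '\0';
    if (check(buf)) return 1;          /* as sent by the client */
    for (size_t i = 0; i < pwlen; i++) buf[i] = (char)tolower((unsigned char)buf[i]);
    if (check(buf)) return 1;          /* all lower case */
    return try_upper(buf, 0, level);   /* up to `level` letters uppercased */
}

long last_tries(void) { return tries; }

int main(void)
{
    for (int level = 0; level <= 2; level++) {
        int ok = cleartext_auth("SECRET", 6, level);
        printf("level %d: ok=%d after %ld candidates\n", level, ok, last_tries());
    }
    return 0;
}
```

In this model a failed login against a six-letter password at level 2 costs 23 comparisons, and any input that is exactly 24 bytes long, cleartext or not, takes the early return.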




