Encrypt Passwords & Mixed Case Passwords
Gerald Carter
gcarter at valinux.com
Tue Dec 12 15:04:30 GMT 2000
"MCCALL,DON (HP-USA,ex1)" wrote:
>
> > If I recall correctly, when using "encrypt passwords = no",
> > Samba will look up the username/password via the
> > UNIX /etc/passwd file or equivalent. And as the password
> > can have mixed-case passwords, the "password level =
> > x" parameter is used to produce the number of permutations
> > of the user supplied password to see if it matches that
> > of the server.
>
> Correct.
> ^^^^^^^ Well, almost; it turns out that there is a check
> in the code to see if the password being supplied by the
> client is an 'encrypted' password (if len = 24, I believe),
> and if it IS, then it will just reject the authorization
> out of hand... So if you have a client who is NOT sending
> cleartext passwds, the unix user db (or nis) is never used...
> ****************
> if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) &&
> lp_null_passwords()))
> ****************

Very true. To me this would be a broken client though
as it is not honoring the password encryption bit set
by the server in the negprot response packet. :-)

Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter at valinux.com
http://www.samba.org/ SAMBA Team jerry at samba.org
http://www.plainjoe.org/ jerry at plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
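
The matching discussed in the thread above, as an added example that is not part of the original message and is not Samba's source: a simplified model of the cleartext path showing how the number of candidates tried grows with "password level", and that a 24-byte input is never tried as cleartext. The names `cleartext_match`, `try_upper` and `check_plain` are hypothetical, and a string compare stands in for the crypt() check against the UNIX password entry.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
typedef int (*check_fn)(const char *candidate, void *ctx);
static unsigned long attempts;   /* candidates handed to the checker */

/* Stand-in for the crypt()-and-compare against the UNIX password entry. */
static int check_plain(const char *candidate, void *ctx)
{
    return strcmp(candidate, (const char *)ctx) == 0;
}

/* Test buf, then each variant with up to `left` more letters uppercased. */
static int try_upper(char *buf, size_t pos, int left, check_fn check, void *ctx)
{
    attempts++;
    if (check(buf, ctx)) return 1;
    if (left <= 0) return 0;
    for (size_t i = pos; buf[i] != '\0'; i++) {
        if (!islower((unsigned char)buf[i])) continue;
        buf[i] = (char)toupper((unsigned char)buf[i]);
        if (try_upper(buf, i + 1, left - 1, check, ctx)) return 1;
        buf[i] = (char)tolower((unsigned char)buf[i]);
    }
    return 0;
}

/* Returns 1 on a match. Length alone routes a 24-byte input away from cleartext. */
int cleartext_match(const char *pw, size_t pwlen, int level, check_fn check, void *ctx)
{
    char buf[128];
    attempts = 0;
    if (pwlen == 24 || pwlen >= sizeof(buf)) return 0;
    memcpy(buf, pw, pwlen);
    buf[pwlen] = '\0';
    attempts++;
    if (check(buf, ctx)) return 1;               /* as supplied */
    for (size_t i = 0; i < pwlen; i++)
        buf[i] = (char)tolower((unsigned char)buf[i]);
    return try_upper(buf, 0, level, check, ctx); /* lowercase, then mixed case */
}

int main(void)
{
    for (int level = 0; level <= 2; level++) {
        int ok = cleartext_match("FRED", 4, level, check_plain, "frEd"); /* constructed */
        printf("password level = %d: match=%d attempts=%lu\n", level, ok, attempts);
    }
    return 0;
}
```

For a password with n letters the model tries at most 2 + C(n,1) + ... + C(n,level) candidates, which is the cost of raising "password level" on the server.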