[Samba] passwords - windows - clear or hashed over wire?

Chris Bünger cb at trimon.de
Mon Feb 4 23:07:05 GMT 2002

I found this in the smb.conf man page:

The default behavior
 is  to  use  PAM for clear text authentication only
 and to ignore any account  or  session  management.

does this have something to do with your issue.


----- Original Message ----- 
From: "Terry Davis" <tdavis at birddog.com>
To: <samba at lists.samba.org>
Sent: Monday, February 04, 2002 10:23 PM
Subject: [Samba] passwords - windows - clear or hashed over wire?

> Hello,
> I am testing some things and coming up with weird results.
> Here is the scoop:
> I have samba set to:
> unix password sync = yes
> pam password change = yes
> I am trying to test what is going on when I change a user's password 
> from a windows box using the windows password utility.  Here is what 
> happens.
> If I have /etc/pam.d/samba set to:
> auth       required     pam_nologin.so
> auth       required     pam_stack.so service=system-auth
> account    required     pam_stack.so service=system-auth
> session    required     pam_stack.so service=system-auth
> password   required     pam_stack.so service=system-auth
> samba changes the smbpasswd file to update the changes I made in windows 
> to the password.  It stores the passwords hashed as expected.
> If I set /etc/pam.d/samba to:
> auth       required     pam_ldap.so
> account    required     pam_ldap.so
> session    required     pam_ldap.so
> password   required     pam_ldap.so
> then samba changes the password in the ldap server.   This is great!! 
> One problem, it changes the password in ldap to be clear!   How does it 
> do this?  I didn't think windows sent the password accross the wire in 
> the clear.
> Any smart people wanna figure this one out?
> Thank you!
> -- 
> Terry Davis
> Systems Administrator
> BirdDog Solutions, Inc.
> (402) 829-6059
> www.birddog.com
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list