[Samba] passwords - windows - clear or hashed over wire?

Terry Davis tdavis at birddog.com
Mon Feb 4 23:32:05 GMT 2002 

well, I read this but doesn't make sense.
I sniffed port 139 for password information with no luck.  This 
behaviour does not make sense to me.  Why wasn't I able to see the 
password in clear form?


Chris Bünger wrote:

> I found this in the smb.conf man page:
> 
> The default behavior
>  is  to  use  PAM for clear text authentication only
>  and to ignore any account  or  session  management.
> 
> does this have something to do with your issue.
> 
> chris
> 
> ----- Original Message ----- 
> From: "Terry Davis" <tdavis at birddog.com>
> To: <samba at lists.samba.org>
> Sent: Monday, February 04, 2002 10:23 PM
> Subject: [Samba] passwords - windows - clear or hashed over wire?
> 
> 
> 
>>Hello,
>>
>>I am testing some things and coming up with weird results.
>>Here is the scoop:
>>
>>I have samba set to:
>>unix password sync = yes
>>pam password change = yes
>>
>>I am trying to test what is going on when I change a user's password 
>>from a windows box using the windows password utility.  Here is what 
>>happens.
>>
>>If I have /etc/pam.d/samba set to:
>>auth       required     pam_nologin.so
>>auth       required     pam_stack.so service=system-auth
>>account    required     pam_stack.so service=system-auth
>>session    required     pam_stack.so service=system-auth
>>password   required     pam_stack.so service=system-auth
>>
>>samba changes the smbpasswd file to update the changes I made in windows 
>>to the password.  It stores the passwords hashed as expected.
>>
>>If I set /etc/pam.d/samba to:
>>auth       required     pam_ldap.so
>>account    required     pam_ldap.so
>>session    required     pam_ldap.so
>>password   required     pam_ldap.so
>>
>>then samba changes the password in the ldap server.   This is great!! 
>>One problem, it changes the password in ldap to be clear!   How does it 
>>do this?  I didn't think windows sent the password accross the wire in 
>>the clear.
>>
>>Any smart people wanna figure this one out?
>>Thank you!
>>
>>-- 
>>Terry Davis
>>Systems Administrator
>>BirdDog Solutions, Inc.
>>(402) 829-6059
>>www.birddog.com
>>
>>
>>-- 
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>>
>>


-- 
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059
www.birddog.com

More information about the samba mailing list