[Samba] passwords - windows - clear or hashed over wire?

Gerald Carter jerry at samba.org
Tue Feb 5 12:28:55 GMT 2002

On Mon, 4 Feb 2002, Terry Davis wrote:

> If I set /etc/pam.d/samba to:
> auth       required     pam_ldap.so
> account    required     pam_ldap.so
> session    required     pam_ldap.so
> password   required     pam_ldap.so
> then samba changes the password in the ldap server.   This is great!! 
> One problem, it changes the password in ldap to be clear!   How does it 
> do this?  I didn't think windows sent the password accross the wire in 
> the clear.

This will be a characteristic of the pam_ldap.so library.  You should use 
ssl when connecting to the LDAP server.  See the examples in the 
/etc/ldap.conf file include with your linux distribution.

chau, jerry
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

More information about the samba mailing list