[Samba] passwd encryption
Andrew Bartlett
abartlet at pcug.org.au
Sat May 11 06:35:03 GMT 2002
Mohamed Aly wrote:
>
> John,
> thanks for your reply, but I do not agree with you, because I think that the
> "Encrypt Passwords = yes" option is used only when other NT machines want to
> connect to your Samba server, because NT uses encrypted passwords by default,
> so I have to enable passwd encryption on my Samba server and define the
> encryption passwd file for it.
> But I am asking about the reverse operation: when I am trying to connect to an
> NT machine with the smbclient command, is the passwd encrypted as well or not?
> "I am trying to be sure about it because I don't want to let someone sniff my
> NT passwd :)) "

As I said in my other reply (and to ensure there is no confusion in the
archives):

As a client: Samba will encrypt passwords to an encrypting passwords
server IFF the server claims to support it. The 'encrypt passwords'
smb.conf parameter has no effect on Samba *clients*.

However, there is presently no option that *requires* password
encryption, so somebody can use a MITM (man in the middle) attack to
'turn off' encrypted password support on the server. Similarly, Samba
always sends both the LM and NT passwords - the LM password can be
cracked in hours on modern PC hardware.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
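
The message above says the client encrypts only if the server claims support, and that nothing requires it. The sketch below is an added example, not Samba code and not part of the original post: it reads the SecurityMode byte of an SMB1 "NT LM 0.12" negotiate response and refuses to proceed when the encrypt-passwords bit is absent. The function names, the `require_encryption` switch and the sample packets are hypothetical and constructed for illustration; the check does not address the LM response issue.

```python
import struct

# SecurityMode bits in an SMB1 "NT LM 0.12" negotiate response (MS-CIFS).
NEGOTIATE_USER_SECURITY = 0x01
NEGOTIATE_ENCRYPT_PASSWORDS = 0x02

SMB1_HEADER_LEN = 32
SMB_COM_NEGOTIATE = 0x72


class DowngradeRefused(Exception):
    """Raised when the server's reply would make the client send plaintext."""


def security_mode(response: bytes) -> int:
    """Return the SecurityMode byte of an SMB1 negotiate response."""
    if len(response) < SMB1_HEADER_LEN + 4:
        raise ValueError("truncated negotiate response")
    if response[:4] != b"\xffSMB" or response[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 negotiate response")
    word_count = response[SMB1_HEADER_LEN]
    if word_count != 17:  # NT LM 0.12 replies carry 17 parameter words
        raise ValueError("unexpected dialect/word count")
    # Parameters: DialectIndex (u16 LE), then SecurityMode (u8).
    _dialect, mode = struct.unpack_from("<HB", response, SMB1_HEADER_LEN + 1)
    return mode


def check_auth_policy(response: bytes, require_encryption: bool = True) -> str:
    """Decide how the client may authenticate; refuse plaintext if required."""
    mode = security_mode(response)
    if mode & NEGOTIATE_ENCRYPT_PASSWORDS:
        return "challenge-response"
    if require_encryption:  # hypothetical client-side "require" policy
        raise DowngradeRefused("server did not offer encrypted passwords")
    return "plaintext"


def build_sample(mode: int) -> bytes:
    """Constructed sample reply: zeroed header fields, only SecurityMode set."""
    header = b"\xffSMB" + bytes([SMB_COM_NEGOTIATE]) + bytes(27)
    params = struct.pack("<HB", 0, mode) + bytes(31)  # 17 words = 34 bytes
    return header + bytes([17]) + params + b"\x00\x00"  # ByteCount = 0
```

A reply whose SecurityMode lacks the 0x02 bit is indistinguishable, from the client's side, from one altered in transit, which is why the policy fails closed rather than falling back.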