[Samba] Encryption

Andrew Bartlett abartlet at samba.org
Tue Nov 5 05:45:00 GMT 2002


On Tue, 2002-11-05 at 16:49, Howard Huntley Jr. wrote:
> I compiled the source, My understand is that the encryption support has to
> be compiled
> into the binary. If not the "encrypt passwords = Yes" function in smb.conf.
> is meaning less,

Your understanding is incorrect.  Samba's support for the LM and NTLM
challenge-response authentication scheme ('encrypted passwords') is
compiled into every Samba installation since well before 2.0.

The option controls the use of that authentication scheme, because it
cannot be used with a standard /etc/passwd file, nor PAM's
authentication support.  As such, some sites prefer that it be disabled
for integration into their existing systems.  (You must maintain an
smbpasswd file manually, or integrate into an existing NT-compatible
domain).

Use of 'encrypt passwords = yes' is highly recommended, not only for
network security, but also for client interoperability - there are weird
bugs in MS products when using plain-text passwords.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20021105/c1674def/attachment.bin


More information about the samba mailing list