[Samba] Samba 2.2.5 Security Bug?
herb at sgi.com
Tue Oct 8 17:41:00 GMT 2002
jra at dp.samba.org wrote:
> On Tue, Oct 08, 2002 at 10:31:00AM -0700, Herb Lewis wrote:
> > According to the man page you use smbpasswd -n <username> to set the
> > NO PASSWORDXXXXX password. Empty passwords give a different password.
> > It looks like this was intentional but I'm not sure why.
> No password is different from the password "" (an empty password).
> "" is actually hashed as an empty string and is a valid password,
> NO PASSWORD is treated differently.
I am assuming the NO PASSWORD will not allow a login. The null password
login should be controlled by the smb.conf parameter "null passwords".
Herb Lewis Silicon Graphics
Networking Engineer 1600 Amphitheatre Pkwy MS-510
Strategic Software Organization Mountain View, CA 94043-1351
herb at sgi.com Tel: 650-933-2177
http://www.sgi.com Fax: 650-932-2177
More information about the samba