[Samba] Samba 2.2.5 Security Bug?

Herb Lewis herb at sgi.com
Tue Oct 8 17:41:00 GMT 2002


jra at dp.samba.org wrote:
> 
> On Tue, Oct 08, 2002 at 10:31:00AM -0700, Herb Lewis wrote:
> >
> > According to the man page you use smbpasswd -n <username> to set the
> > NO PASSWORDXXXXX password. Empty passwords give a different password.
> > It looks like this was intentional but I'm not sure why.
> 
> No password is different from the password "" (an empty password).
> "" is actually hashed as an empty string and is a valid password,
> NO PASSWORD is  treated differently.
> 
> Jeremy.

I am assuming the NO PASSWORD will not allow a login. The null password
login should be controlled by the smb.conf parameter "null passwords".

-- 
======================================================================
Herb Lewis                               Silicon Graphics 
Networking Engineer                      1600 Amphitheatre Pkwy MS-510
Strategic Software Organization          Mountain View, CA  94043-1351
herb at sgi.com                             Tel: 650-933-2177
http://www.sgi.com                       Fax: 650-932-2177          
======================================================================



More information about the samba mailing list