[Samba] Password aging ...

C.Lee Taylor leet at leenx.co.za
Thu Oct 17 15:42:00 GMT 2002

Greetings ...

	A quick question more to confirm a few things reguarding SMB passwords, 
which I hope might be able to look at for password aging.

	I saw some discussion on samba-tech list, but nothing conclusive.

	LM and NT hashs don't have a salt?  Do they? ... In other words, a 
password "password" LM hashed, always comes out as 
"E52CAC67419A9A224A3B108F3FA6CB6D" not matter the case?  Just checks, 
but I take it a password "password" NT hashed is case sencetive, but 
still no salt, which means one could search a DB of a large number of LM 
or NT hashed to crack a LM/NT hash?

	I understand that we can't use PAM cracklib to do password sanity, but 
we could use all known hashs in a smb passwd DB, ie ... search ones 
local LDAP DB for matching LM/NT hashs and not accept password.

	But I think that the rpc's to look after password expire and sanity 
have not been finished, am I correct in this thinking?


More information about the samba mailing list