[Samba] Password aging ...
abartlet at samba.org
Thu Oct 17 23:03:01 GMT 2002
"C.Lee Taylor" wrote:
> Greetings ...
> A quick question more to confirm a few things regarding SMB passwords,
> which I hope might be able to look at for password aging.
> I saw some discussion on samba-tech list, but nothing conclusive.
> LM and NT hashes don't have a salt? Do they? ... In other words, a
> password "password" LM hashed, always comes out as
> "E52CAC67419A9A224A3B108F3FA6CB6D" no matter the case? Just checking,
> but I take it a password "password" NT hashed is case sensitive, but
> still no salt, which means one could search a DB of a large number of LM
> or NT hashes to crack a LM/NT hash?
Fun, isn't it :-)
Anyway, the passwords are 'plaintext equivalent', so you don't even need
to crack them.
> I understand that we can't use PAM cracklib to do password sanity, but
> we could use all known hashes in a smb passwd DB, ie ... search one's
> local LDAP DB for matching LM/NT hashes and not accept password.
> But I think that the RPCs to look after password expiry and sanity
> have not been finished, am I correct in this thinking?
Password expiry is implemented in Samba 3.0, password sanity not yet
implemented. (Patches welcome, see previous discussion).
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net