[Samba] Password aging ...

Andrew Bartlett abartlet at samba.org
Thu Oct 17 23:03:01 GMT 2002


"C.Lee Taylor" wrote:
> 
> Greetings ...
> 
>         A quick question more to confirm a few things regarding SMB passwords,
> which I hope might be able to look at for password aging.
> 
>         I saw some discussion on samba-tech list, but nothing conclusive.
> 
>         LM and NT hashes don't have a salt?  Do they? ... In other words, a
> password "password" LM hashed, always comes out as
> "E52CAC67419A9A224A3B108F3FA6CB6D" no matter the case?  Just checking,
> but I take it a password "password" NT hashed is case sensitive, but
> still no salt, which means one could search a DB of a large number of LM
> or NT hashes to crack a LM/NT hash?

Fun, isn't it :-)  

Anyway, the passwords are 'plaintext equivalent', so you don't even need
to crack them.

>         I understand that we can't use PAM cracklib to do password sanity, but
> we could use all known hashes in a smb passwd DB, i.e. ... search one's
> local LDAP DB for matching LM/NT hashes and not accept password.
> 
>         But I think that the RPCs to look after password expiry and sanity
> have not been finished, am I correct in this thinking?

Password expiry is implemented in Samba 3.0, password sanity not yet
implemented.  (Patches welcome, see previous discussion).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net


