[Samba] Password aging ...
Andrew Bartlett
abartlet at samba.org
Thu Oct 17 23:03:01 GMT 2002
"C.Lee Taylor" wrote:
>
> Greetings ...
>
> A quick question more to confirm a few things reguarding SMB passwords,
> which I hope might be able to look at for password aging.
>
> I saw some discussion on samba-tech list, but nothing conclusive.
>
> LM and NT hashs don't have a salt? Do they? ... In other words, a
> password "password" LM hashed, always comes out as
> "E52CAC67419A9A224A3B108F3FA6CB6D" not matter the case? Just checks,
> but I take it a password "password" NT hashed is case sencetive, but
> still no salt, which means one could search a DB of a large number of LM
> or NT hashed to crack a LM/NT hash?
Fun, isn't it :-)
Anyway, the passwords are 'paintext equivilant', so you don't even need
to crack them.
> I understand that we can't use PAM cracklib to do password sanity, but
> we could use all known hashs in a smb passwd DB, ie ... search ones
> local LDAP DB for matching LM/NT hashs and not accept password.
>
> But I think that the rpc's to look after password expire and sanity
> have not been finished, am I correct in this thinking?
Password expiry is implemented in Samba 3.0, password sainity not yet
implemented. (Patches welcome, see previous discussion).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list