[Samba] Password aging ...

Andrew Bartlett abartlet at samba.org
Thu Oct 17 23:03:01 GMT 2002

"C.Lee Taylor" wrote:
> Greetings ...
>         A quick question more to confirm a few things reguarding SMB passwords,
> which I hope might be able to look at for password aging.
>         I saw some discussion on samba-tech list, but nothing conclusive.
>         LM and NT hashs don't have a salt?  Do they? ... In other words, a
> password "password" LM hashed, always comes out as
> "E52CAC67419A9A224A3B108F3FA6CB6D" not matter the case?  Just checks,
> but I take it a password "password" NT hashed is case sencetive, but
> still no salt, which means one could search a DB of a large number of LM
> or NT hashed to crack a LM/NT hash?

Fun, isn't it :-)  

Anyway, the passwords are 'paintext equivilant', so you don't even need
to crack them.

>         I understand that we can't use PAM cracklib to do password sanity, but
> we could use all known hashs in a smb passwd DB, ie ... search ones
> local LDAP DB for matching LM/NT hashs and not accept password.
>         But I think that the rpc's to look after password expire and sanity
> have not been finished, am I correct in this thinking?

Password expiry is implemented in Samba 3.0, password sainity not yet
implemented.  (Patches welcome, see previous discussion).

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list