[Samba] samba authentication
Greg Freemyer
freemyer at NorcrossGroup.com
Mon Feb 24 17:09:23 GMT 2003
I had a security hole that let a hacker get access to my passwd file one time.
I wasn't using shadow passwords because I thought the machine only would have =
authorized users.
Within 48 hours of the hole being announced on a security website, they had my =
root password. i.e. they unencrypted it.
Fortunately, they were not smart enough to do any real damage. They just =
filled my website with links to porn sites.
>> is crypt that bad? :)
>> anyways, gonna put the pam_smbpass to work first !
>> thanks
>> Daniel Provin
>> Linux User #191271
>> EEL LABMETRO UFSC
>> On 22 Feb 2003, Bradley W. Langhorst wrote:
>> > On Sat, 2003-02-22 at 15:55, Daniel Provin wrote:
>> > > okay
>> > >
>> > > so, I just need to activate the pam_smbpass module to keep de smbpass
>> with
>> > > the last password
>> > >
>> > > but is there any way to build an initial list of passwords from
>> > > unix passwords?
>> > well
>> > you could crack all your users passwords...
>> > probably wouldn't take more than a few weeks if you're using crypt.
>> >
>> > seriously - i don't know an easy way to deal with this problem.
>> > You might be able to configure pam to update the samba password upon
>> > login.
>> > or put the smbpasswd program into the logon script so that your users
>> > change it when the log in
>> >
>> > brad
>> > --
>> > Bradley W. Langhorst <brad at langhorst.com>
>> >
>> --=20
>> To unsubscribe from this list go to the following URL and read the
>> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list