[Samba] Clear text authentication impossible???
abartlet at samba.org
Sun Oct 26 03:20:36 GMT 2003
On Fri, 2003-10-24 at 11:19, Jeremy Allison wrote:
> On Thu, Oct 23, 2003 at 08:51:09AM +1000, Andrew Bartlett wrote:
> > On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
> > > On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
> > > > We have an Exchange 5.5 server in our Samba 3 domain und want to have POP3
> > > > access with clear text authentication from clients.
> > > > But no kind of credentials is accepted.
> > > >
> > > > It did a level 10 log on the Samba server and found my clear text password
> > > > in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.
> > > >
> > > > Is it possible that Samba can't handle the clear-text pass-through from
> > > > POP3-Client per Exchange server and takes it for NTLMv2 challenge????
> > >
> > > Can you post the debug level 10 log please (obfuscate all passwords of course :-).
> > I picked this one up at the end of last week. I never got it into CVS,
> > because I didn't have the setup to test it. (And I wanted to clean it
> > up a bit, we should also handle the 'interactive' login in a similar
> > way, and possibly 'ascii' passwords against the LM hash).
> > Thanks to Fabien Chevalier for providing the information that made
> > fixing this so easy.
> I've committed a varient of this. Andrew can you please check for
> correctness ?
It looks reasonable to me. Was there anything particularly wrong with
'static char zeros'? (As I've used that elsewhere, and you have now
got me worried...)
What I proposed was only an early patch, and I intend to clean this up a
bit more, cope with ASCII only passwords, and add a direct deny on the
password fail. But that can wait, and it's good to see this in and
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031026/979a5d34/attachment.bin
More information about the samba