[Samba] Clear text authentication impossible???

Andrew Bartlett abartlet at samba.org
Sun Oct 26 03:20:36 GMT 2003


On Fri, 2003-10-24 at 11:19, Jeremy Allison wrote:
> On Thu, Oct 23, 2003 at 08:51:09AM +1000, Andrew Bartlett wrote:
> > On Thu, 2003-10-23 at 05:16, Jeremy Allison wrote:
> > > On Wed, Oct 22, 2003 at 03:27:31PM +0200, Beschorner Daniel wrote:
> > > > We have an Exchange 5.5 server in our Samba 3 domain and want to have POP3
> > > > access with clear text authentication from clients.
> > > > But no kind of credentials is accepted.
> > > > 
> > > > I did a level 10 log on the Samba server and found my clear text password
> > > > in the log (in nt_chal_resp and lm_chal_resp fields) during authentication.
> > > > 
> > > > Is it possible that Samba can't handle the clear-text pass-through from
> > > > POP3-Client per Exchange server and takes it for NTLMv2 challenge????
> > > 
> > > Can you post the debug level 10 log please (obfuscate all passwords of course :-).
> > 
> > I picked this one up at the end of last week.   I never got it into CVS,
> > because I didn't have the setup to test it.  (And I wanted to clean it
> > up a bit, we should also handle the 'interactive' login in a similar
> > way, and possibly 'ascii' passwords against the LM hash).
> > 
> > Thanks to Fabien Chevalier for providing the information that made
> > fixing this so easy.
> 
> I've committed a variant of this. Andrew, can you please check for
> correctness?

It looks reasonable to me.  Was there anything particularly wrong with
'static char zeros[8]'?   (As I've used that elsewhere, and you have now
got me worried...)

What I proposed was only an early patch, and I intend to clean this up a
bit more, cope with ASCII only passwords, and add a direct deny on the
password fail.  But that can wait, and it's good to see this in and
fixed.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net