[Samba] Storing Hashed Passwords in Credentials File

Andrew Bartlett abartlet at samba.org
Wed Jan 21 22:38:09 GMT 2004

On Thu, 2004-01-22 at 04:08, Alon Albert wrote:
> I would like to have user specific entries in /etc/fstab
> I understand the proper way to do this is to use credential
> files to store the username/passwords.

> This way, event if the file gets compromised, the actual 
> password is still not revieled.

Unfortunately the 'hash' we send on the wire is not something we can
store, as it varies with the challenge the server sends.  

The password we would have to store would be the same as the entry in
the smbpasswd file on the server.  This is sufficient to use as the
password, on a modified client.  This is a property of
challenge-response authentication.

So, apart from protecting your eyeballs, there is no benefit from
storing the hashed passwords in the credentials file.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040122/39732872/attachment.bin

More information about the samba mailing list