[Samba] Does winbindd/pam transmit cleartext authenticating against an NT PDC

Gerald (Jerry) Carter jerry at samba.org
Tue Jan 27 18:54:04 GMT 2004



Jeremy Allison wrote:
| On Tue, Jan 27, 2004 at 12:44:34PM -0500, Karl DeBisschop wrote:
|
|>I'm being told that when winbindd is used to connect a Linux client to
|>an NT PDC, that encrypted passwords cannot be used in transport. In
|>other words that passwords are sent over the wire in clear text.
|>
|>I find this surprising. Nor can I find documentation of this assertion
|>anywhere.  Can anyone definitively say this is true or false?
|
|
| Definitively this is false. winbindd uses the same methods as
| a Windows member server to enumerate accounts. No cleartext.

But perhaps the original question was about getting the
password to pam_winbind in the first place?  The UNIX
application hands the clear text of the password to
pam_winbind which talks to winbindd over a unix domain
socket.  Then winbindd does talk to the DC just like Jeremy
says.

Maybe your original source of information is talking about
PAM in general?  Or has the facts mixed up wrt winbindd.





cheers, jerry
~ ----------------------------------------------------------------------
~ Hewlett-Packard            ------------------------- http://www.hp.com
~ SAMBA Team                 ---------------------- http://www.samba.org
~ GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
~ "If we're adding to the noise, turn off this song" --Switchfoot (2003)


