[Samba] encrypted passwords and /etc/passwd

DA Forsyth iwrTech at iwr.ru.ac.za
Wed Sep 1 09:06:58 GMT 2004

On 31 Aug 2004 , Karel Kulhavy entreated about
 "[Samba] encrypted passwords and /etc/passwd":

} Isn't it possible to tell Samba server that on the way between a
} client and the server, the passwords sould be encrypted, and after
} decryption, they will be checked against /etc/passwd and not
} smbpasswd, tdb or whatever backend?

passwords are never decrypted since they use a one way hash function. 
in other words, the CANNOT be decrypted, for good security reasons.
when a server stores your password, it stores the encrypted version, 
and can only check an encrypted password against that.

Windows and Unix use different password encryption

therefore, in order to use the Unix encrypted hash in the 
/etc/passwd, the unix box needs to receive the plain text password 
from Windows so it can encrypt it itself.  Windows encrypted 
passwords are stored in smbpasswd and are incompatible with the 
/etc/passwd format

       DA Fo rsyth            Network Supervisor
Principal Technical Officer  -- Institute for Water Research

More information about the samba mailing list