[Samba] encrypted passwords and /etc/passwd

Karel Kulhavy clock at atrey.karlin.mff.cuni.cz
Wed Sep 1 11:24:22 GMT 2004

> On 31 Aug 2004 , Karel Kulhavy entreated about
>  "[Samba] encrypted passwords and /etc/passwd":
> } Isn't it possible to tell Samba server that on the way between a
> } client and the server, the passwords sould be encrypted, and after
> } decryption, they will be checked against /etc/passwd and not
> } smbpasswd, tdb or whatever backend?
> passwords are never decrypted since they use a one way hash function. 
> in other words, the CANNOT be decrypted, for good security reasons.
> when a server stores your password, it stores the encrypted version, 
> and can only check an encrypted password against that.
> Windows and Unix use different password encryption
> therefore, in order to use the Unix encrypted hash in the 
> /etc/passwd, the unix box needs to receive the plain text password 
> from Windows so it can encrypt it itself.  Windows encrypted 
> passwords are stored in smbpasswd and are incompatible with the 
> /etc/passwd format

Thanks, I completely understand it now. 

I didn't get this idea reading man smb.conf, the entry about encrypt
passwords =. The manpage says that setting encrypt passwords = yes
requires usage of smbpasswd. However it doesn't say why. Shouldn't the
explanation why be also part of the manpage? Should I file a bugreport
against the manpage?

The manpage omits also one fact: that when encrypt passwords = no, then
the server won't try to access smbpasswd file and will use /etc/passwd
directly. I thinks this should be added too. It can't be deduced from
what is in the manpage currently.

Should I file this also as a bugreport against the man smb.conf manpage?

> --
>        DA Fo rsyth            Network Supervisor
> Principal Technical Officer  -- Institute for Water Research
> http://www.ru.ac.za/institutes/iwr/
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list