[Samba] encrypted passwords and /etc/passwd
clock at atrey.karlin.mff.cuni.cz
Wed Sep 1 11:24:22 GMT 2004
> On 31 Aug 2004 , Karel Kulhavy entreated about
> "[Samba] encrypted passwords and /etc/passwd":
> } Isn't it possible to tell Samba server that on the way between a
> } client and the server, the passwords sould be encrypted, and after
> } decryption, they will be checked against /etc/passwd and not
> } smbpasswd, tdb or whatever backend?
> passwords are never decrypted since they use a one way hash function.
> in other words, the CANNOT be decrypted, for good security reasons.
> when a server stores your password, it stores the encrypted version,
> and can only check an encrypted password against that.
> Windows and Unix use different password encryption
> therefore, in order to use the Unix encrypted hash in the
> /etc/passwd, the unix box needs to receive the plain text password
> from Windows so it can encrypt it itself. Windows encrypted
> passwords are stored in smbpasswd and are incompatible with the
> /etc/passwd format
Thanks, I completely understand it now.
I didn't get this idea reading man smb.conf, the entry about encrypt
passwords =. The manpage says that setting encrypt passwords = yes
requires usage of smbpasswd. However it doesn't say why. Shouldn't the
explanation why be also part of the manpage? Should I file a bugreport
against the manpage?
The manpage omits also one fact: that when encrypt passwords = no, then
the server won't try to access smbpasswd file and will use /etc/passwd
directly. I thinks this should be added too. It can't be deduced from
what is in the manpage currently.
Should I file this also as a bugreport against the man smb.conf manpage?
> DA Fo rsyth Network Supervisor
> Principal Technical Officer -- Institute for Water Research
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba