[Samba] Hashes in smbpasswd
Andrew Bartlett
abartlet at samba.org
Thu Sep 2 03:03:47 GMT 2004
On Tue, 2004-08-24 at 07:49, Andrew Bartlett wrote:
> On Tue, 2004-08-24 at 00:12, William Jojo wrote:
> > AIX 5.2
> > Samba 3.0.6
> >
> >
> > the smbpasswd file is showing only the nt (second) hash after a machine
> > join. the lm hash (first) is all X's.
> >
> > is this expected?
It appears that machines set their passwords to strings > 14 characters,
so the new (correct) code for dealing with that doesn't store a LM hash.
> > I also noticed in LDAP that this was the case on password changes for
> > users.
> >
> > has the LM hash been dropped?
>
> Yes. For machines, it doesn't get set for a number of reasons, and for
> machines, it is also never read. As we moved to allow the same for
> users (where they have 'long' passwords, > 14 chars), I cleaned up the
> machine password change code at the same time.
Actually, it looks like I forgot to commit that patch. The behaviour
until now has been to, when the machine changes it's password (by
default) 7 days later to store the NT password in both fields.
The new behaviour will be to keep the LM field XXX'ed out.
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040902/5952dbcb/attachment.bin
More information about the samba
mailing list