[Samba] getting rid of lmhashes?

Andrew Bartlett abartlet at samba.org
Fri Mar 10 22:18:43 GMT 2006

On Fri, 2006-03-03 at 17:48 -0500, Josh Kelley wrote:
> On 3/2/06, Mark Proehl <M.Proehl at science-computing.de> wrote:
> > is there a way of disabling the creation of the (insecure) lm-hash in
> > the passdb backend of a samba3-pdc?
> The standard way to disable LM hashes in a Microsoft shop is to
> configure the clients to not save them (Local Security Policy ->
> Security Options -> "Network security: Do not store LAN Manager hash
> value on next password change").  I don't think they even offer a
> server-side option to do so.

No, the server controls the hash generation (in almost all
circumstances), so this is a server option.

> It does seem like a useful feature for Samba.

It looks like jerry will add it, controlled by 'lanman auth = '.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060311/086469d1/attachment.bin

More information about the samba mailing list