[Samba] Samba StartTLS

Volker Lendecke Volker.Lendecke at SerNet.DE
Sun Nov 13 03:14:40 MST 2011


On Sat, Nov 12, 2011 at 05:39:18PM -0300, zoolook wrote:
> 2011/11/12 steve <steve at steve-ss.com>:
> 
> > Nearly understood it but I'm missing this: How do the username and
> > password that are typed in on the win client travel over the network to the
> > Samba (and in my case also LDAP) server? It must be sent as plain text, no?
> > Cheers, Steve.
> 
> 
> Yup... more or less. I don't know the internals of NTLM (or whatever 7
> is using). But yes, the username and a hash of the password travel
> over the network to the Samba server, not OpenLDAP. You can add
> Kerberos to the mix if you're concerned about security.

Be aware that the password is never sent in plain text
except if you force both server and client to do so. NTLMv2
as far as I know is reasonably secure.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
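
The NTLMv2 challenge-response discussed in this thread, as an added example (not part of the original message and not Samba's code): the client answers the server's challenge with an HMAC-MD5 keyed from the NT hash, so neither the password nor the hash itself crosses the network. The NT hash, user name, domain and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed 16-byte sample standing in for MD4(UTF-16LE(password)).
SAMPLE_NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")

def ntlmv2_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed with the NT hash over UPPER(user) + domain."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def client_response(nt_hash, user, domain, server_challenge, target_info=b""):
    """Bytes the client sends: 16-byte proof followed by the blob it covers."""
    # Windows FILETIME: 100 ns ticks since 1601-01-01.
    timestamp = struct.pack("<Q", (int(time.time()) + 11644473600) * 10_000_000)
    client_challenge = os.urandom(8)
    blob = (b"\x01\x01" + b"\x00" * 6 + timestamp + client_challenge
            + b"\x00" * 4 + target_info + b"\x00" * 4)
    key = ntlmv2_key(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob

def server_verify(stored_nt_hash, user, domain, server_challenge, response):
    """Server side: recompute the proof from the NT hash in its password database."""
    proof, blob = response[:16], response[16:]
    key = ntlmv2_key(stored_nt_hash, user, domain)
    expected = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)

def demo():
    challenge = os.urandom(8)  # fresh per session, chosen by the server
    resp = client_response(SAMPLE_NT_HASH, "alice", "EXAMPLE", challenge)
    return {
        "accepted": server_verify(SAMPLE_NT_HASH, "alice", "EXAMPLE", challenge, resp),
        # The same response replayed against a new challenge must fail.
        "replay_rejected": not server_verify(
            SAMPLE_NT_HASH, "alice", "EXAMPLE", os.urandom(8), resp),
        "nt_hash_on_wire": SAMPLE_NT_HASH in resp,
    }

if __name__ == "__main__":
    print(demo())
```

The security of the exchange still rests on the NT hash staying secret on the server and on the strength of the password behind it, since a captured challenge and response can be tested offline against password guesses.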

