[Samba] Being able to read password hashes

Andrew Bartlett abartlet at samba.org
Mon Jul 21 17:32:10 MDT 2014

On Mon, 2014-07-21 at 13:38 -0400, Gaiseric Vandal wrote:
> Is the concern here that unauthorized users can get the password hashes 
> and therefore decrypt them?  Or is the concern that they might be 
> sniffed over the network somehow?
> I would guess that no matter what system you use , a sysadmin will have 
> the ability to get the password hashes from the server.

We don't allow access to this over the network, but these keys are
stored in the local ldb files, for use in authentication.  That is why
your sam.ldb.d directory should be mode 0700.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list