[Samba] Being able to read password hashes
Andrew Bartlett
abartlet at samba.org
Mon Jul 21 17:32:10 MDT 2014
On Mon, 2014-07-21 at 13:38 -0400, Gaiseric Vandal wrote:
> Is the concern here that unauthorized users can get the password hashes
> and therefore decrypt them? Or is the concern that they might be
> sniffed over the network somehow?
>
> I would guess that no matter what system you use , a sysadmin will have
> the ability to get the password hashes from the server.
We don't allow access to this over the network, but these keys are
stored in the local ldb files, for use in authentication. That is why
your sam.ldb.d directory should be mode 0700.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list