[Samba] encryption algorithm used by samba ad
abartlet at samba.org
Tue Jun 21 19:48:53 UTC 2022
On Tue, 2022-06-21 at 16:33 -0300, Anderson Sampaio Mello via samba
> Hello samba team.
> Do you know what is the encryption algorithm used by the samba ad to
> the passwords for user accounts and computers in the samba4 active
> Is it possible to replace the algorithm with another one?
The least secure algorithm is currently unsalted MD4 - the NT hash. I
have an outstanding merge request currently awaiting final approval to
allow this to be disabled for user accounts.
We can also optionally store (for comparability and password sync) a
crypt() style hash.
We always store the AES kerberos hashes, based on PKDF2 iterated sha1
of the password (AES128_HMAC_SHA1, AES256_HMAC_SHA1).
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
More information about the samba