Hello! I have a query regarding the use of "encrypt passwords = yes" and is wondering if anyone can help me with it. If I recall correctly, when using "encrypt passwords = no" , Samba will lookup the username/password via the UNIX /etc/passwd file or equivalent. And as the password can have mixed-case passwords, the "password level = x" parameter is used to produce the number of permutations of the user supplied password to see if it matches that of the server. But what about when using "encrypt passwords = yes" ? Is the "password level = x" parameter still needed? Will the mixed case password issue still occur or will the passwords all be converted into UPPPER or lower case and then stored in the /etc/smbpasswd file? Many thanks in advance for any advice.
Hello! I have a query regarding the use of "encrypt passwords = yes" and is wondering if anyone can help me with it. If I recall correctly, when using "encrypt passwords = no" , Samba will lookup the username/password via the UNIX /etc/passwd file or equivalent. And as the password can have mixed-case passwords, the "password level = x" parameter is used to produce the number of permutations of the user supplied password to see if it matches that of the server. But what about when using "encrypt passwords = yes" ? Is the "password level = x" parameter still needed? Will the mixed case password issue still occur or will the passwords all be converted into UPPPER or lower case and then stored in the /etc/smbpasswd file? Many thanks in advance for any advice.
Chen Shiyuan wrote:> > If I recall correctly, when using "encrypt passwords = no" > , Samba will lookup the username/password via the > UNIX /etc/passwd file or equivalent. And as the password > can have mixed-case passwords, the "password level > x" parameter is used to produce the number of permutations > of the user supplied password to see if it matches that > of the server.Correct.> But what about when using "encrypt passwords = yes" ? > Is the "password level = x" parameter still needed? Will > the mixed case password issue still occur or will the > passwords all be converted into UPPPER or lower > case and then stored in the /etc/smbpasswd file?password level has no effect when using encrypt passwords = yes as the clear text of the password is never used. -- Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )
-----Original Message----- From: Gerald Carter [mailto:gcarter@valinux.com] Sent: Saturday, December 09, 2000 3:46 PM To: Chen Shiyuan Cc: samba@samba.org Subject: Re: Encrypt Passwords & Mixed Case Passwords Chen Shiyuan wrote:> > If I recall correctly, when using "encrypt passwords = no" > , Samba will lookup the username/password via the > UNIX /etc/passwd file or equivalent. And as the password > can have mixed-case passwords, the "password level > x" parameter is used to produce the number of permutations > of the user supplied password to see if it matches that > of the server.Correct. ^^^^^^^ Well, almost; it turns out that there is a check in the code to see if the password being supplied by the client is an 'encrypted' password (if len = 24, I believe), and if it IS, then it will just reject the authorization out of hand... So if you have a client who is NOT sending cleartext passwds, the unix user db (or nis) is never used... **************** if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) ****************> But what about when using "encrypt passwords = yes" ? > Is the "password level = x" parameter still needed? Will > the mixed case password issue still occur or will the > passwords all be converted into UPPPER or lower > case and then stored in the /etc/smbpasswd file?password level has no effect when using encrypt passwords = yes as the clear text of the password is never used. -- Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )
Of course! Got me again, Jerry ;-> Don -----Original Message----- From: Gerald Carter [mailto:gcarter@valinux.com] Sent: Tuesday, December 12, 2000 10:05 AM To: MCCALL,DON (HP-USA,ex1) Cc: Chen Shiyuan; samba@samba.org Subject: Re: Encrypt Passwords & Mixed Case Passwords "MCCALL,DON (HP-USA,ex1)" wrote:> > > If I recall correctly, when using "encrypt passwords = no" > > , Samba will lookup the username/password via the > > UNIX /etc/passwd file or equivalent. And as the password > > can have mixed-case passwords, the "password level > > x" parameter is used to produce the number of permutations > > of the user supplied password to see if it matches that > > of the server. > > Correct. > ^^^^^^^ Well, almost; it turns out that there is a check > in the code to see if the password being supplied by the > client is an 'encrypted' password (if len = 24, I believe), > and if it IS, then it will just reject the authorization > out of hand... So if you have a client who is NOT sending > cleartext passwds, the unix user db (or nis) is never used... > **************** > if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && > lp_null_passwords())) > ****************Very true. To me this would be a broken client though as it is not honoring the password encryption bit set by the server in the negprot response packet. :-) Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )