I would like to have user specific entries in /etc/fstab.

I understand the proper way to do this is to use credential files to store the username/passwords. I also know I can protect these files from reading. However, I don't like the idea of a password being stored in plain text anywhere, even if it is protected.

I know samba send the password in plain text anyway, it sends an encrypted hash of it. So, can I have that hash stored in the credentials file instead of the plain text password? This way, even if the file gets compromised, the actual password is still not revealed.
Andrew Bartlett
2004-Jan-21 22:42 UTC
[Samba] Storing Hashed Passwords in Credentials File
On Thu, 2004-01-22 at 04:08, Alon Albert wrote:
> I would like to have user specific entries in /etc/fstab
>
> I understand the proper way to do this is to use credential
> files to store the username/passwords.

> This way, even if the file gets compromised, the actual
> password is still not revealed.

Unfortunately the 'hash' we send on the wire is not something we can store, as it varies with the challenge the server sends.

The password we would have to store would be the same as the entry in the smbpasswd file on the server. This is sufficient to use as the password, on a modified client. This is a property of challenge-response authentication.

So, apart from protecting your eyeballs, there is no benefit from storing the hashed passwords in the credentials file.

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
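
A simplified model of the challenge-response property described in the reply above, added here as an illustration and not part of the original thread or of Samba's code. SHA-256 and HMAC stand in for the real SMB algorithms, and the names `stored_hash`, `response` and `Server` are hypothetical; it shows that the on-wire value changes with every challenge, while the stored hash by itself is enough to authenticate.

```python
import hashlib
import hmac
import os


def stored_hash(password: str) -> bytes:
    """Value the server keeps (stand-in for an smbpasswd entry)."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def response(secret_hash: bytes, challenge: bytes) -> bytes:
    """On-wire answer: keyed by the stored hash, bound to one challenge."""
    return hmac.new(secret_hash, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, password: str):
        self.secret_hash = stored_hash(password)
        self.challenge = None

    def new_challenge(self) -> bytes:
        self.challenge = os.urandom(8)  # fresh random value per attempt
        return self.challenge

    def verify(self, answer: bytes) -> bool:
        if self.challenge is None:
            return False
        expected = response(self.secret_hash, self.challenge)
        self.challenge = None  # each challenge is valid once
        return hmac.compare_digest(expected, answer)


def demo() -> dict:
    password = "constructed-sample-password"  # constructed sample value
    server = Server(password)

    # 1. Normal login: the client derives the hash from the typed password.
    r1 = response(stored_hash(password), server.new_challenge())
    password_login = server.verify(r1)

    # 2. The captured on-wire value is useless as a stored credential:
    #    the next challenge is different, so the old response fails.
    server.new_challenge()
    replayed_response = server.verify(r1)

    # 3. A credentials file holding only the hash still logs in, so the
    #    hash needs the same protection as the plain-text password.
    hash_from_file = stored_hash(password)
    r3 = response(hash_from_file, server.new_challenge())
    return {"password_login": password_login,
            "replayed_response": replayed_response,
            "hash_only_login": server.verify(r3),
            "responses_differ": r1 != r3}


if __name__ == "__main__":
    print(demo())
```
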