> -----Original Message----- > From: Jeremy Allison [mailto:jra at samba.org] > Sent: Friday, August 25, 2017 3:48 PM> Looking at the code I think it's now returning the plaintext password, whereas > previously it only stored the password hash. You'll have to hash to make it > useful by wicd it seems (I'm guessing wicd expects the hash, not the plaintext).OK. I guess I had that backwards. I thought that the new version (\EE\A9\8D\EF\AD\AC...) was giving me an encrypted (or hashed I guess) value, and the old version ( ]f2>lOR4NA~hbv ) was the plaintext password. I'll see if I can't translate that over somehow. Thank you! James
On Sat, 2017-08-26 at 01:02 +0000, James Zuelow via samba wrote:> > -----Original Message----- > > From: Jeremy Allison [mailto:jra at samba.org] > > Sent: Friday, August 25, 2017 3:48 PM > > > > Looking at the code I think it's now returning the plaintext password, whereas > > previously it only stored the password hash. You'll have to hash to make it > > useful by wicd it seems (I'm guessing wicd expects the hash, not the plaintext). > > OK. > > I guess I had that backwards. I thought that the new version (\EE\A9\8D\EF\AD\AC...) was giving me an encrypted (or hashed I guess) value, and the old version ( ]f2>lOR4NA~hbv ) was the plaintext password. > > I'll see if I can't translate that over somehow.The recent secrets changes to store the krb5 hashes changed some things to use a IDL defined NDR packed structure. I've not checked the details, but that might be what you are seeing. This is a very valid use case, we clearly do need a net sub-command to just print it. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
> -----Original Message----- > From: Andrew Bartlett [mailto:abartlet at samba.org] > Sent: Saturday, August 26, 2017 12:38 PM > To: James Zuelow; samba at lists.samba.org > Subject: Re: [Samba] retrieve machine password in current Samba?-- >8 -- snip -- 8< --> > The recent secrets changes to store the krb5 hashes changed some things to > use a IDL defined NDR packed structure. I've not checked the details, but that > might be what you are seeing. > > This is a very valid use case, we clearly do need a net sub-command to just > print it. > > Andrew BartlettAndrew, Would there be a way for me to translate that back somehow? I'm thinking that even if a new net command came out, I would be waiting for Debian to release Buster before I saw it show up on my stable machines. Thanks!