Issue #9326 has been updated by Josh Cooper. Estimated time changed from 8.00 to 24.00
Some background about this issue. On Windows, the LM/NT hashes are not salted, e.g. the NT hash is the MD4(Unicode-LE(password)). There are various "tools" that can pass the hash, notably [iam.exe](http://oss.coresecurity.com/pshtoolkit/doc/index.html), which can impersonate a user given only their LM/NT hash. Since the password and hash have nearly equivalent privacy requirements, the Security Accounts Manager goes to great lengths to protect hashes. However, there are tools that enable getting and setting the hashes (http://www.pogostick.net/~pnh/ntpasswd). ---------------------------------------- Bug #9326: Password management on windows https://projects.puppetlabs.com/issues/9326 Author: Josh Cooper Status: Accepted Priority: Normal Assignee: Category: windows Target version: 2.7.4 Affected Puppet version: development Keywords: Branch: >From Nigel, we need to be able to manage passwords for users. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
