"C.Lee Taylor" wrote:
> 
> Greetings ...
> 
>         A quick question more to confirm a few things regarding SMB passwords,
> which I hope might be able to look at for password aging.
> 
>         I saw some discussion on samba-tech list, but nothing conclusive.
> 
>         LM and NT hashes don't have a salt?  Do they? ... In other words, a
> password "password" LM hashed, always comes out as
> "E52CAC67419A9A224A3B108F3FA6CB6D" no matter the case?  Just checking,
> but I take it a password "password" NT hashed is case sensitive, but
> still no salt, which means one could search a DB of a large number of LM
> or NT hashes to crack a LM/NT hash?

Fun, isn't it :-)  

Anyway, the passwords are 'plaintext equivalent', so you don't even need
to crack them.

>         I understand that we can't use PAM cracklib to do password sanity, but
> we could use all known hashes in a smb passwd DB, ie ... search one's
> local LDAP DB for matching LM/NT hashes and not accept password.
> 
>         But I think that the rpc's to look after password expire and sanity
> have not been finished, am I correct in this thinking?

Password expiry is implemented in Samba 3.0, password sanity not yet
implemented.  (Patches welcome, see previous discussion).

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net