-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 12 Sep 2003, Alexandru Ionica wrote:
> When a client authenticates to a samba server does he send the hash of the > password over a clear text connection , or does he send the hash over some > kind of encrypted connection ?. Depends on what type of authentication you are referring to. With NTLMv1 and v2, the response is a generated sequence based on the original hash but the hash is never sent. Kerberos is a different matter. > When there is a password change from the client, does the password travel > in clear text over and encrypted connection, or is the password hashed ? The old password hash is used as the key for encryption a byte stream. The server has to have the current password hash to decode and obtain the clear text of the new password. But then again there about about 4 different ways to change passwords in the CIFS protocol. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE/Yqt8IR7qMdg1EfYRAn7JAJ9WVmXyQzHxCdo4gAW+ysBQbEUf4ACguI1/ H77jDyAJ/rYEDzRcgJQd6oU= =EuHZ -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
