On Sat, Jul 13, 2002 at 06:23:38AM +0930, Richard Sharpe wrote: > > Nope. There's a challenge sent by either the server and then the client > > produces a LM and NT response which is a hash of the challenge and the > > user's password. This is sent to the server (in this case winbindd) for > > authentication. > > But the server does not have the user's password, only the NT or LM hash > of the user's password, so what I think you are saying is that the > respose if formed by hashing the challenge with the user's password hash?
Yes. Tim.