> On 31 Aug 2004 , Karel Kulhavy entreated about > "[Samba] encrypted passwords and /etc/passwd": > > } Isn't it possible to tell Samba server that on the way between a > } client and the server, the passwords sould be encrypted, and after > } decryption, they will be checked against /etc/passwd and not > } smbpasswd, tdb or whatever backend? > > passwords are never decrypted since they use a one way hash function. > in other words, the CANNOT be decrypted, for good security reasons. > when a server stores your password, it stores the encrypted version, > and can only check an encrypted password against that. > > Windows and Unix use different password encryption > > therefore, in order to use the Unix encrypted hash in the > /etc/passwd, the unix box needs to receive the plain text password > from Windows so it can encrypt it itself. Windows encrypted > passwords are stored in smbpasswd and are incompatible with the > /etc/passwd format
Thanks, I completely understand it now. I didn't get this idea reading man smb.conf, the entry about encrypt passwords =. The manpage says that setting encrypt passwords = yes requires usage of smbpasswd. However it doesn't say why. Shouldn't the explanation why be also part of the manpage? Should I file a bugreport against the manpage? The manpage omits also one fact: that when encrypt passwords = no, then the server won't try to access smbpasswd file and will use /etc/passwd directly. I thinks this should be added too. It can't be deduced from what is in the manpage currently. Should I file this also as a bugreport against the man smb.conf manpage? Cl< > > > -- > DA Fo rsyth Network Supervisor > Principal Technical Officer -- Institute for Water Research > http://www.ru.ac.za/institutes/iwr/ > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba