On Monday, October 29, 2001 6:47 PM Michael Brown wrote:
AFAIK and FWIW, the "encrypted" passwords that Windows uses are effectively plain-text anyway. If you have an encrypted password then, with a little hacking of the SMB client, you can use the encrypted password without ever needing to know the plain-text password. Disclaimer: my knowledge on this may be out of date or inaccurate.
Well, there is a security snag over SMB encrypted passwords, but I wouldn't agree it makes them "effectively plain text". If a rogue user gets read access to the smbpasswd file on the server (and of course something has already gone seriously wrong with the sysadmin's security practices if this happens), s/he can indeed use a hacked SMBclient to fool the server into thinking that that client knows the cleartext password of any users in that file. But without access to the smbpasswd file, this cannot be done. Contrast that with the much lower threshold required to gain illicit access on a clear-text system. There our rogue user simply uses a readily-available program to put the NIC on a Win9x client into promiscuous mode and sniff password exchanges. Using this same technique where passwords are SMB encrypted would not work: what goes on the wire and can be sniffed is not the "password-equivalent" string from the smbpasswd file, but the result of using that string as a key to encrypt another, random string. So provided access to the smbpasswd file is prevented, the method is significantly more secure than plain text (which isn't really secure at all).
But why do you want to make Linux authentication primary in this way?
Why not?
Because in an environment where Samba is the principal means by which users access their files on a Linux system (and Markus may or may not have such an environment, which is why I asked) it is arguably preferable to make SMB the primary authentication mode and to manage all non-administrative users as Samba users (only). Of course, all Samba users also need to have (pending full implementation of Winbind) a Linux id as well, but that can be created along with their Samba id, and they need never know they have it. Other servers requiring authentication (e.g. IMAP, POP3, Squid, etc) can be configured to authenticate via PAM to Samba instead of to passwd/shadow.

Michael
---------------------------------------------------------
Michael Beddow
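The challenge-response property argued over above (the stored password-equivalent is used as a key over a random challenge, so a sniffer sees neither the password nor the hash, while anyone holding the smbpasswd entry can answer the challenge) is simulated below. This is an added, constructed model, not code from the thread or from Samba: SHA-256 and HMAC stand in for the MD4/DES primitives of the real protocol, and all names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed, simplified model of SMB challenge-response authentication.
# The real protocol derives the password-equivalent with MD4 over the
# UTF-16LE password and applies DES to the challenge; SHA-256 and HMAC are
# stand-ins so this runs anywhere. The structure is what matters here:
# the stored hash is the KEY, the random challenge is the DATA.


def password_equivalent(password: str) -> bytes:
    """What the server keeps in smbpasswd; derived once, never put on the wire."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def new_challenge() -> bytes:
    """Server-side random challenge, fresh for every authentication attempt."""
    return os.urandom(8)


def compute_response(pw_equiv: bytes, challenge: bytes) -> bytes:
    """Client side: encrypt (here, MAC) the challenge under the password-equivalent."""
    return hmac.new(pw_equiv, challenge, hashlib.sha256).digest()


def server_verify(stored_equiv: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response from the stored value."""
    expected = compute_response(stored_equiv, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(stored_equiv: bytes, client_equiv: bytes):
    """One authentication; returns (accepted, bytes a sniffer would capture).

    Note the client never needs the cleartext password, only the equivalent:
    this is exactly why read access to smbpasswd is the thing to protect."""
    challenge = new_challenge()
    response = compute_response(client_equiv, challenge)
    return server_verify(stored_equiv, challenge, response), challenge + response


def sniffer_learns_hash(stored_equiv: bytes, wire: bytes) -> bool:
    """Does the password-equivalent appear anywhere in the captured exchange?"""
    return stored_equiv in wire


def replay_rejected(stored_equiv: bytes) -> bool:
    """A captured response is useless against a later, fresh challenge."""
    sniffed = compute_response(stored_equiv, new_challenge())
    return not server_verify(stored_equiv, new_challenge(), sniffed)
```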