Re: 'krbPrincipalKey' and 'sambaMungedDial'

To: debian-edu@lists.debian.org
Subject: Re: 'krbPrincipalKey' and 'sambaMungedDial'
From: Petter Reinholdtsen <pere@hungry.com>
Date: Mon, 25 Mar 2013 21:56:27 +0100
Message-id: <[🔎] 2fly5dbb3lw.fsf@diskless.uio.no>
In-reply-to: <[🔎] 514F0B48.6010501@web.de>
References: <[🔎] 514C95D7.2080502@web.de> <[🔎] 20130322180127.GA10478@fuzi> <[🔎] 514F0B48.6010501@web.de>

[Martin Schulte]
> thank you for your answer.
> I found a way to get the passwords in cleartext from lenny ldap, thanks 
> to windows, the secures OS ever :-) and his LM-Hash. You can crack this 
> LM-hash using ophcrack (http://en.wikipedia.org/wiki/Ophcrack ), which 
> uses rainbow tables.

Interesting and scary.  Even in Debian Edu Squeeze, the user passwords
are stored in three places in the user LDAP object.  Once for Kerberos,
once for Samba and once for GOsa.  We should really try to get rid of
the last two.

> If someone interested i can put the script into the wiki.

Sound like a nice thing to publish, yes.

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: "Andreas B. Mundt" <andi.mundt@web.de>
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Martin Schulte <schulte-martin@web.de>

References:
- 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Martin Schulte <schulte-martin@web.de>
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: "Andreas B. Mundt" <andi.mundt@web.de>
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Martin Schulte <schulte-martin@web.de>

Prev by Date: debian-edu-config_1.704~svn79463_amd64.changes ACCEPTED
Next by Date: bug tracking
Previous by thread: Re: 'krbPrincipalKey' and 'sambaMungedDial'
Next by thread: Re: 'krbPrincipalKey' and 'sambaMungedDial'
Index(es):
- Date
- Thread