Re: 'krbPrincipalKey' and 'sambaMungedDial'

To: debian-edu@lists.debian.org
Subject: Re: 'krbPrincipalKey' and 'sambaMungedDial'
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Mon, 25 Mar 2013 23:42:54 +0100
Message-id: <[🔎] 20130325224254.GB14338@fuzi>
Mail-followup-to: debian-edu@lists.debian.org
In-reply-to: <[🔎] 2fly5dbb3lw.fsf@diskless.uio.no>
References: <[🔎] 514C95D7.2080502@web.de> <[🔎] 20130322180127.GA10478@fuzi> <[🔎] 514F0B48.6010501@web.de> <[🔎] 2fly5dbb3lw.fsf@diskless.uio.no>

Hi all,

On Mon, Mar 25, 2013 at 09:56:27PM +0100, Petter Reinholdtsen wrote:
>
> [Martin Schulte]
> > thank you for your answer.
> > I found a way to get the passwords in cleartext from lenny ldap, thanks
> > to windows, the secures OS ever :-) and his LM-Hash. You can crack this
> > LM-hash using ophcrack (http://en.wikipedia.org/wiki/Ophcrack ), which
> > uses rainbow tables.
>
> Interesting and scary.  Even in Debian Edu Squeeze, the user passwords
> are stored in three places in the user LDAP object.  Once for Kerberos,
> once for Samba and once for GOsa.  We should really try to get rid of
> the last two.
>

For the record, an attempt to "unify" GOsa and Kerberos:
<URL:http://bugs.debian.org/698544>

Best regards,

     Andi

Reply to:

References:
- 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Martin Schulte <schulte-martin@web.de>
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: "Andreas B. Mundt" <andi.mundt@web.de>
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Martin Schulte <schulte-martin@web.de>
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: bug tracking
Next by Date: debian-edu_1.704~svn79477_amd64.changes ACCEPTED
Previous by thread: Re: 'krbPrincipalKey' and 'sambaMungedDial'
Next by thread: Re: 'krbPrincipalKey' and 'sambaMungedDial'
Index(es):
- Date
- Thread