RE: How can I help ?
Ryan,
It may be encrypted, but it isn't public-key encrypted or anything like
that. Anyone with a packet analyzer (ngrep will do it) can just send the
encrypted password to the server, so it's just as good as having the
cleartext password.
Regards,
Alex.
---
PGP/GPG Fingerprint:
EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
------END GEEK CODE BLOCK------
On Tue, 13 Jun 2000, Ryan White wrote:
>
> As I recall after windows 95 the passwords are sent over the line
> encrypted. The encryption might be weak but they are not clear text
> anymore.
>
> There is a switch in SMB to allow encrypted passwords. This is ON by
> default in debian (I believe)
>
> -Ryan
>
> On Tue, 13 Jun 2000, Alexander Hvostov wrote:
>
> > Ronny and all,
> >
> > If you want to use LDAP, I suggest you do LDAP over SSL/TLS. The current
> > OpenLDAP doesn't support it natively, but I believe there's a patch, and
> > of course there's always wrappers like stunnel.
> >
> > Of course, if you want to use user authentication from Windows, using PAM
> > is more or less out of the question. LDAP, of course, is not, and neither
> > is SSL/TLS.
> >
> > By the way, Samba already is able to use LDAP for authentication, though
> > it's not too great, last I checked. Maybe you fellows could work on
> > it?
> >
> > Finally, if any of you have any knowledge of programming Windows drivers,
> > I suggest you write a replacement and/or hack for the "Client for
> > Microsoft Networks" driver, so that it can talk to Samba over SSL/TLS,
> > which would be a very nice thing to have. (I hate the idea of sending my
> > password in the clear over a SMB connection...)
> >
> > Regards,
> >
> > Alex.
> >
> > ---
> > PGP/GPG Fingerprint:
> > EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9
> >
> > -----BEGIN GEEK CODE BLOCK-----
> > Version: 3.12
> > GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
> > O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
> > G e-- h++ r--- y
> > ------END GEEK CODE BLOCK------
> >
> > On Tue, 13 Jun 2000, Ronny Adsetts wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > <snip>
> > > > One thing I am interested is, which ist AFAIK no
> > > > implemented yet:
> > > > Crossplattform userauthentication (win+unix),
> > > > via LDAP.
> > >
> > > This is a great idea. I am willing to help if pointed in the right
> > > direction. I guess using PAM and Samba together with LDAP might be a
> > > place to start.
> > >
> > > Have perl, shell (bash) and some c skills, but always willing to
> > > learn.
> > >
> > > Ronny Adsetts
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGP 6.5.1i for non-commercial use <http://www.pgpi.com/>
> > >
> > > iQA/AwUBOUawvP4+LjEVAJSfEQJMUQCcDdBLxD1S7fkYhM9sniPedA1G3+cAoO57
> > > hMtR+4P+qMsMXS5sNEc5Tyvq
> > > =jQaV
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > >
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
>
Reply to: