RE: How can I help ?

To: Ryan White <rwhite@collectivenet.net>
Cc: Ronny Adsetts <ronny.adsetts@camdenmusic.com>, debian-security@lists.debian.org
Subject: RE: How can I help ?
From: Alexander Hvostov <vulture@aoi.dyndns.org>
Date: Tue, 13 Jun 2000 19:24:05 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.21.0006131923130.20300-100000@cornerstone.core.aoi>
In-reply-to: <[🔎] Pine.LNX.4.21.0006131544410.10617-100000@merlin.collectivenet.net>

Ryan,

It may be encrypted, but it isn't public-key encrypted or anything like
that. Anyone with a packet analyzer (ngrep will do it) can just send the
encrypted password to the server, so it's just as good as having the
cleartext password.

Regards,

Alex.

---
PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
G e-- h++ r--- y
------END GEEK CODE BLOCK------

On Tue, 13 Jun 2000, Ryan White wrote:

> 
> As I recall after windows 95 the passwords are sent over the line
> encrypted. The encryption might be weak but they are not clear text
> anymore. 
> 
> There is a switch in SMB to allow encrypted passwords. This is ON by
> default in debian (I believe)
> 
> -Ryan
> 
> On Tue, 13 Jun 2000, Alexander Hvostov wrote:
> 
> > Ronny and all,
> > 
> > If you want to use LDAP, I suggest you do LDAP over SSL/TLS. The current
> > OpenLDAP doesn't support it natively, but I believe there's a patch, and
> > of course there's always wrappers like stunnel.
> > 
> > Of course, if you want to use user authentication from Windows, using PAM
> > is more or less out of the question. LDAP, of course, is not, and neither
> > is SSL/TLS.
> > 
> > By the way, Samba already is able to use LDAP for authentication, though
> > it's not too great, last I checked. Maybe you fellows could work on
> > it?
> > 
> > Finally, if any of you have any knowledge of programming Windows drivers,
> > I suggest you write a replacement and/or hack for the "Client for
> > Microsoft Networks" driver, so that it can talk to Samba over SSL/TLS,
> > which would be a very nice thing to have. (I hate the idea of sending my
> > password in the clear over a SMB connection...)
> > 
> > Regards,
> > 
> > Alex.
> > 
> > ---
> > PGP/GPG Fingerprint:
> >   EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9
> > 
> > -----BEGIN GEEK CODE BLOCK-----
> > Version: 3.12
> > GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w
> > O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+
> > G e-- h++ r--- y
> > ------END GEEK CODE BLOCK------
> > 
> > On Tue, 13 Jun 2000, Ronny Adsetts wrote:
> > 
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > <snip>
> > > > One thing I am interested is, which ist AFAIK no
> > > > implemented yet:
> > > > Crossplattform userauthentication (win+unix),
> > > > via LDAP.
> > > 
> > > This is a great idea. I am willing to help if pointed in the right
> > > direction. I guess using PAM and Samba together with LDAP might be a
> > > place to start.
> > > 
> > > Have perl, shell (bash) and some c skills, but always willing to
> > > learn.
> > > 
> > > Ronny Adsetts
> > > 
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGP 6.5.1i for non-commercial use <http://www.pgpi.com/>
> > > 
> > > iQA/AwUBOUawvP4+LjEVAJSfEQJMUQCcDdBLxD1S7fkYhM9sniPedA1G3+cAoO57
> > > hMtR+4P+qMsMXS5sNEc5Tyvq
> > > =jQaV
> > > -----END PGP SIGNATURE-----
> > > 
> > > 
> > > --  
> > > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > > 
> > 
> > 
> > --  
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > 
>

Reply to:

References:
- RE: How can I help ?
  - From: Ryan White <rwhite@collectivenet.net>

Prev by Date: Re: How can I help ?
Next by Date: Re: How can I help ?
Previous by thread: RE: How can I help ?
Next by thread: Re: How can I help ?
Index(es):
- Date
- Thread