[ltb-dev] [LDAP Tool Box - Feature #164] (New) Add hashes for Samba passwords

noreply at lsc-project.org noreply at lsc-project.org
Fri Jan 29 01:03:48 CET 2010


Issue #164 has been reported by Jonathan Clarke.

----------------------------------------
Feature #164: Add hashes for Samba passwords
http://tools.lsc-project.org/issues/show/164

Author: Jonathan Clarke
Status: New
Priority: Normal
Assigned to: 
Category: Self Service Password
Target version: 


Hi,

Now that we have a nice mechanism to hash passwords, I was thinking that it would be nice to be able to store Samba password hashes. Samba uses two specific attributes, *sambaLMPassword* and *sambaNTPassword*, each with a different hash. "An old post on the samba mailing list":http://lists.samba.org/archive/samba-technical/2004-March/034988.html provides details on the algorithms to generate them.

However, according to "this question on ServerFault":http://serverfault.com/questions/24543/what-is-the-difference-between-sambalmpassword-and-sambantpassword, the LM hash is very weak, and no longer used by default by Samba since it's not required for any Windows clients newer than Windows 95. So it seems that *sambaNTPassword* would be sufficient for most users nowadays.

Added bonus would be to update the related attribute * sambaPwdLastSet*...

This functionality should of course be optional, even if the *sambaSamAccount* objectClass is present in a user's LDAP entry, since other ways of updating this attribute are available, like "OpenLDAP's smbk5pwd overlay":http://www.openldap.org/devel/cvsweb.cgi/~checkout~/contrib/slapd-modules/smbk5pwd/README?rev=1.4.2.1&cvsroot=OpenLDAP-src&hideattic=1&sortbydate=0.


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20100129/2d9c89b5/attachment.htm>


More information about the ltb-dev mailing list