[ltb-dev] [LDAP Tool Box - Feature #164] Add hashes for Samba passwords

noreply at lsc-project.org noreply at lsc-project.org
Fri Jan 29 10:05:28 CET 2010


Issue #164 has been updated by Clément Oudot.

Assigned to set to Clément Oudot
Target version set to self-service-password-0.3

Good idea!
----------------------------------------
Feature #164: Add hashes for Samba passwords
http://tools.lsc-project.org/issues/show/164

Author: Jonathan Clarke
Status: New
Priority: Normal
Assigned to: Clément Oudot
Category: Self Service Password
Target version: self-service-password-0.3


Hi,

Now that we have a nice mechanism to hash passwords, I was thinking that it would be nice to be able to store Samba password hashes. Samba uses two specific attributes, *sambaLMPassword* and *sambaNTPassword*, each with a different hash. "An old post on the samba mailing list":http://lists.samba.org/archive/samba-technical/2004-March/034988.html provides details on the algorithms to generate them.

However, according to "this question on ServerFault":http://serverfault.com/questions/24543/what-is-the-difference-between-sambalmpassword-and-sambantpassword, the LM hash is very weak, and no longer used by default by Samba since it's not required for any Windows clients newer than Windows 95. So it seems that *sambaNTPassword* would be sufficient for most users nowadays.

Added bonus would be to update the related attribute * sambaPwdLastSet*...

This functionality should of course be optional, even if the *sambaSamAccount* objectClass is present in a user's LDAP entry, since other ways of updating this attribute are available, like "OpenLDAP's smbk5pwd overlay":http://www.openldap.org/devel/cvsweb.cgi/~checkout~/contrib/slapd-modules/smbk5pwd/README?rev=1.4.2.1&cvsroot=OpenLDAP-src&hideattic=1&sortbydate=0.


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20100129/fbbaaed1/attachment.htm>


More information about the ltb-dev mailing list