Ryan, It may be encrypted, but it isn't public-key encrypted or anything like that. Anyone with a packet analyzer (ngrep will do it) can just send the encrypted password to the server, so it's just as good as having the cleartext password.
Regards, Alex. --- PGP/GPG Fingerprint: EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9 -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+ G e-- h++ r--- y ------END GEEK CODE BLOCK------ On Tue, 13 Jun 2000, Ryan White wrote: > > As I recall after windows 95 the passwords are sent over the line > encrypted. The encryption might be weak but they are not clear text > anymore. > > There is a switch in SMB to allow encrypted passwords. This is ON by > default in debian (I believe) > > -Ryan > > On Tue, 13 Jun 2000, Alexander Hvostov wrote: > > > Ronny and all, > > > > If you want to use LDAP, I suggest you do LDAP over SSL/TLS. The current > > OpenLDAP doesn't support it natively, but I believe there's a patch, and > > of course there's always wrappers like stunnel. > > > > Of course, if you want to use user authentication from Windows, using PAM > > is more or less out of the question. LDAP, of course, is not, and neither > > is SSL/TLS. > > > > By the way, Samba already is able to use LDAP for authentication, though > > it's not too great, last I checked. Maybe you fellows could work on > > it? > > > > Finally, if any of you have any knowledge of programming Windows drivers, > > I suggest you write a replacement and/or hack for the "Client for > > Microsoft Networks" driver, so that it can talk to Samba over SSL/TLS, > > which would be a very nice thing to have. (I hate the idea of sending my > > password in the clear over a SMB connection...) > > > > Regards, > > > > Alex. > > > > --- > > PGP/GPG Fingerprint: > > EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9 > > > > -----BEGIN GEEK CODE BLOCK----- > > Version: 3.12 > > GCM d- s:+ a--- C++++ UL++++ P L+++ E W++ N o-- K- w > > O--- M- V- PS+ PE- Y PGP t+ 5 X- R tv+ b DI--- D+ > > G e-- h++ r--- y > > ------END GEEK CODE BLOCK------ > > > > On Tue, 13 Jun 2000, Ronny Adsetts wrote: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > <snip> > > > > One thing I am interested is, which ist AFAIK no > > > > implemented yet: > > > > Crossplattform userauthentication (win+unix), > > > > via LDAP. > > > > > > This is a great idea. I am willing to help if pointed in the right > > > direction. I guess using PAM and Samba together with LDAP might be a > > > place to start. > > > > > > Have perl, shell (bash) and some c skills, but always willing to > > > learn. > > > > > > Ronny Adsetts > > > > > > -----BEGIN PGP SIGNATURE----- > > > Version: PGP 6.5.1i for non-commercial use <http://www.pgpi.com/> > > > > > > iQA/AwUBOUawvP4+LjEVAJSfEQJMUQCcDdBLxD1S7fkYhM9sniPedA1G3+cAoO57 > > > hMtR+4P+qMsMXS5sNEc5Tyvq > > > =jQaV > > > -----END PGP SIGNATURE----- > > > > > > > > > -- > > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > >
