Re: Unix auth via LDAP & now need to add Samba!
On Wed, 1 May 2002, David Wright wrote:
> Your step-by-step illustrates the flaw perfectly! The server stores HP.
> But HP can be used for authentication (by hashing with the challenge to
> produce HC)! It's true that the cleartext of the password P is safe, so if
HPC nor HPS ever appears on the wire, so where did the attacker get it?
He can't calculate it unless he knows the password.
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".