On 12/15/2010 11:47 PM, Howard Chu wrote:
> Hugo Monteiro wrote:
>> On 12/15/2010 07:19 PM, Howard Chu wrote:
>>> Thierry Lacoste wrote:
>>>> I noticed some differences. In particular ldappasswd updates sambaLMPassword while kpasswd does not.
>>>
>>> I suppose we can delete sambaLMPassword support by now, certainly no one should be using it any more.
>>
>> I'm sorry but did I understand correctly that sambaLMPassword will no longer be updated while using the smbk5pwd overlay? Also, I would like to know why you state that "no one should be using it any more". Besides Samba itself, it can (as is) be used by freeradius while using PEAP and MsCHAPv2 for wireless client authentication.
>
> That's interesting, especially since the KDC itself doesn't maintain sambaLMPassword. The LANMAN hash mechanism has been obsolete for years, it is intrinsically weak and is not a good security mechanism.
>
> I think you're mistaken, anyway; according to RFC2759 which defines MSCHAPv2, it uses an NT hash, not a LANMAN hash. The LANMAN hash was used for MSCHAPv1 which is also obsolete.

Hello Howard,

Thanks for clarifying that for me, I was under the impression that MSCHAPv2 used the LANMAN password. I should have consulted the RFC first.

Best Regards,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596
Fax: +351 212948548
www.fct.unl.pt
apoio@fct.unl.pt
fct.unl.pt:~# _
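
The thread identifies sambaLMPassword as a LANMAN hash that MSCHAPv2 does not need, so a directory export can be checked for entries that still carry one. The following is an added example, not part of the original messages or of OpenLDAP; the LDIF sample, its DNs and hash values are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample export; the DNs and hex strings are made up for illustration.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaLMPassword: FEDCBA9876543210FEDCBA9876543210

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
sambaNTPassword: 00112233445566778899AABBCCDDEEFF

dn: uid=carol,ou=People,dc=example,
 dc=org
objectClass: sambaSamAccount
sambaNTPassword: 89ABCDEF0123456789ABCDEF01234567
sambaLMPassword:: QUFCQkNDRERFRUZGMDAxMTIyMzM0NDU1NjY3Nzg4OTk=
"""

def parse_entries(text):
    """Yield one dict per LDIF entry: lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):      # skip LDIF comments
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())

def entries_with_lm_hash(text):
    """Return the DNs of entries that still hold a non-empty sambaLMPassword."""
    return [e["dn"][0] for e in parse_entries(text)
            if "dn" in e and any(e.get("sambalmpassword", []))]

if __name__ == "__main__":
    for dn in entries_with_lm_hash(SAMPLE_LDIF):
        print("LANMAN hash still stored:", dn)
```
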