LinuxQuestions.org
11-01-2001, 08:47 AM   #1
bfloeagle
Member
 
Registered: Jun 2000
Location: Upstate New York
Distribution: Ubuntu
Posts: 158

PAM - Secure or Cleartext?


I am trying to research SAMBA and PAM for the company I work for. They want to use Samba as a file server for our storage with the usernames and passwords controlled via NT. I know that Samba can use PAM to try the passwords from the NT Domain Controllers (it can do this, right?) but I do not know how the information is transferred. Cleartext is a major problem here and I need to know how PAM does what it does...

Does PAM use cleartext by default? If it does, can I force it to encrypt the password?

Thanks!
Andy
 
11-05-2001, 11:05 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

I don't do SMB, but IIRC there are 2 ways to get auth'ed: the NT/LM and UNIX type. NTLM is (again, IIRC) encrypted because NT doesn't like unsigned authentication, while UNIX is cleartext.

Since there are no more reactions here, maybe you should try the ppl at an NG, maybe sorta like smb.protocols.(something).
 
11-05-2001, 11:15 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

you can force password encryption in the /etc/smb.conf file with

encrypt passwords = yes

i'm not sure what the protocol is tho...

man smb.conf sez

encrypt passwords (G)

This boolean controls whether encrypted passwords
will be negotiated with the client. Note that Windows
NT 4.0 SP3 and above and also Windows 98 will
by default expect encrypted passwords unless a registry
entry is changed. To use encrypted passwords
in Samba see the file ENCRYPTION.txt in the Samba
documentation directory docs/ shipped with the
source code.

In order for encrypted passwords to work correctly
smbd must either have access to a local smbpasswd(5)
file (see the smbpasswd(8) program for information
on how to set up and maintain this file), or
set the security= parameter to either "server" or
"domain" which causes smbd to authenticate against
another server.


so i'd guess it's encrypted PAM
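
Added example, not part of the original thread: a small Python check that reads the [global] section of an smb.conf and reports which of the cases in the man page excerpt above applies. The function names, result labels and sample configurations are constructed for illustration; it assumes the yes/true/1 boolean spellings and does not handle line continuations.

```python
import re

TRUE_VALUES = {"yes", "true", "1"}  # assumed boolean spellings

def _norm(name):
    # smb.conf ignores case and all whitespace in section/parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section == "global" and "=" in line:  # (G) = global parameter
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def check_auth(text):
    """Classify the password handling described by a smb.conf text."""
    p = parse_global(text)
    raw = p.get("encryptpasswords")
    if raw is None:
        return "unset"                      # installed version's default applies
    if raw.lower() not in TRUE_VALUES:
        return "cleartext"                  # encrypted passwords not negotiated
    if p.get("security", "").lower() in ("server", "domain"):
        return "encrypted-remote"           # smbd authenticates against another server
    return "encrypted-needs-smbpasswd"      # a local smbpasswd file is required

# Constructed sample configurations (hypothetical workgroup name).
SAMPLES = {
    "domain": "[global]\n  workgroup = EXAMPLE\n  security = domain\n  Encrypt Passwords = Yes\n",
    "local": "[global]\n  security = user\n  encrypt passwords = yes\n",
    # Singular "password" is not the name in the man page, so it is not counted.
    "typo": "[global]\n  security = domain\n  encrypt password = yes\n",
    # The setting inside a share section is ignored; only [global] counts.
    "clear": "[global]\n  encrypt passwords = no\n[share]\n  encrypt passwords = yes\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, "->", check_auth(conf))
```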
 
  

