Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to research SAMBA and PAM for the company I work for. They want to use Samba as a file server for our storage with the usernames and passwords controlled via NT. I know that Samba can use PAM to try the passwords from the NT Domain Controllers (it can do this, right?) but I do not know how the information is transferred. Cleartext is a major problem here and I need to know how PAM does what it does...
Does PAM use cleartext by default? If it does, can I force it to encrypt the password?
I don't do SMB, but IIRC there are 2 ways to get auth'ed: the NT/LM and UNIX type. NTLM is (again,IIRC) encrypted because NT doesnt like unsigned authentication, while UNIX is cleartext.
Since there are no more reactions here, maybe you should try the ppl at an NG, maybe sorta like smb.protocols.(something).
you can force password encryption in the /etc/smb.conf file with
encrypt password = yes
i'm not sure what the protocol is tho...
man smb.conf sez
encrypt passwords (G)
This boolean controls whether encrypted passwords
will be negotiated with the client. Note that Win*
dows NT 4.0 SP3 and above and also Windows 98 will
by default expect encrypted passwords unless a reg*
istry entry is changed. To use encrypted passwords
in Samba see the file ENCRYPTION.txt in the Samba
documentation directory docs/ shipped with the
source code.
In order for encrypted passwords to work correctly
smbd must either have access to a local smbpasswd
(5) file (see the smbpasswd (8) program for infor*
mation on how to set up and maintain this file), or
set the security= parameter to either "server" or
"domain" which causes smbd to authenticate against
another server.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.