SAMBA ?

Marek Jakub marek at Kamila.kolej.mff.cuni.cz
Wed Apr 24 20:08:13 CEST 1996



On Tue, 23 Apr 1996, Marek Kubita wrote:

> On Tue, 23 Apr 1996, Milan Rott wrote:
>
> > does anyone have any practical experience with SAMBA (can be seen at
> > http://lake.canberra.edu.au/pub/samba).
> > I am mainly interested in the security of the SMB protocol.
> >
>
> Samba is an excellent product; its security depends on what you configure in
> smb.conf - quite dangerous things can be done there - at least according to
> the warnings in the documentation. Samba does not yet support encrypted passwords.

I think that is not entirely true; the standard distribution does not support
encryption, but there is some patch (described in the documentation) that
enables the encryption.

Without it Win NT would not work for me, and according to the documentation NT
machines refuse to communicate with a server that does not support encrypted passwords

for more detail, see ENCRYPTION.txt from the Samba distribution

IMPORTANT NOTE ABOUT SECURITY
-----------------------------

... The SMB encryption scheme never sends the cleartext
                              ^^^^^^^^^^^
password over the network but it does store the 16 byte hashed value
on disk. This is also bad. Why? Because the 16 byte hashed value is a
"password equivalent". You cannot derive the users password from it,
but it could potentially be used in a modified client to gain access
to a server. This would require considerable technical knowledge on
behalf of the attacker but is perfectly possible. You should thus
treat the smbpasswd file as though it contained the cleartext
passwords of all your users. Its contents must be kept secret, and the
file should be protected accordingly. ....

The same file also contains a description of how to get the whole thing working

> I have the impression that it also does not respect expired passwords (it allows
> logging in with a password whose validity has expired).

You probably mean samba + shadow passwords; I have not tried that so far, so
I don't know

Marek

mjak1329 at linux.ms.mff.cuni.cz

PS: is this mailing list also available on news?
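
Added example, not part of the original message or of the Samba distribution: a small audit that treats the smbpasswd file as password-equivalent material, as the quoted ENCRYPTION.txt note advises. The function name, the root-owner default and the 0600 expectation are assumptions made for illustration; pass the file's real path on your system.

```python
import os
import stat
import tempfile


def audit_secret_file(path, expected_uid=0):
    """Return findings for a file that stores password-equivalent hashes."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, refusing to follow it"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access, expected 0600")
    # A group/other-writable parent lets another user swap the file out.
    parent = os.path.dirname(os.path.abspath(path))
    if stat.S_IMODE(os.stat(parent).st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{parent}: directory is group/other writable")
    return findings


def demo():
    """Audit a constructed sample file before and after tightening its mode."""
    workdir = tempfile.mkdtemp()  # created with mode 0700
    path = os.path.join(workdir, "smbpasswd")
    with open(path, "w") as fh:
        fh.write("constructed-sample-entry\n")  # placeholder, not a real hash
    os.chmod(path, 0o644)
    before = audit_secret_file(path, expected_uid=os.getuid())
    os.chmod(path, 0o600)
    after = audit_secret_file(path, expected_uid=os.getuid())
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("world-readable:", before)
    print("after chmod 600:", after)
```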
