| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200612092220_MC3-1-D483-92AE@compuserve.com> Date: Sat, 9 Dec 2006 22:18:45 -0500 From: Chuck Ebbert <76306.1226@...puserve.com> To: Steve French <smfltc@...ibm.com> Cc: akpm@...l.org, linux-kernel <linux-kernel@...r.kernel.org>, Shirish S Pargaonkar <shirishp@...ibm.com>, simo <simo@...ba.org>, Jeremy Allison <jra@...ba.org>, linux-cifs-client@...ts.samba.org Subject: Re: -mm merge plans for 2.6.20 In-Reply-To: <4579AFA5.90003@...ibm.com> On Fri, 08 Dec 2006 12:32:05 -0600, Steve French wrote: > smbfs deprecation is ok but there are a few things to consider: > 2) minor holes in backlevel server (OS/2 and Windows 9x/WindowsME) support How well-tested is the plaintext password support? By default the /proc/fs/cifs/SecurityFlags setting is 0x7 (MAY_SIGN | MAY_NTLM | MAYNTLMV2). Trying to connect to an old Samba server with that, I got a message that the server requested a plain text password but client support was disabled. After changing the flags to 0x37 (adding MAY_LANMAN | MAY_PLNTXT), I got "invalid password." Looking at the ethereal traces, it seemed that the password was being sent as encrypted Unicode, and the only way to make it connect was to set the flags to 0x30. Also, the client doesn't automatically pick up the domain name from smb.conf like smbfs does. -- Chuck "Even supernovas have their duller moments." - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists