Message-ID: <457CDC38.2090907@us.ibm.com>
Date:	Sun, 10 Dec 2006 22:19:04 -0600
From:	Steve French <smfltc@...ibm.com>
To:	Chuck Ebbert <76306.1226@...puserve.com>
CC:	akpm@...l.org, linux-kernel <linux-kernel@...r.kernel.org>,
	Shirish S Pargaonkar <shirishp@...ibm.com>,
	simo <simo@...ba.org>, Jeremy Allison <jra@...ba.org>,
	linux-cifs-client@...ts.samba.org
Subject: Re: -mm merge plans for 2.6.20

Chuck Ebbert wrote:
> In-Reply-To: <4579AFA5.90003@...ibm.com>
>
> On Fri, 08 Dec 2006 12:32:05 -0600, Steve French wrote:
>
>   
>> smbfs deprecation is ok but there are a few things to consider:
>>     
>
> How well-tested is the plaintext password support?
>
> By default the /proc/fs/cifs/SecurityFlags setting is 0x7 (MAY_SIGN |
> MAY_NTLM | MAY_NTLMV2). Trying to connect to an old Samba server
> with that, I got a message that the server requested a plain text
> password but client support was disabled.
>
> After changing the flags to 0x37 (adding MAY_LANMAN | MAY_PLNTXT),
> I got "invalid password." Looking at the ethereal traces, it seemed
> that the password was being sent as encrypted Unicode, and the only
> way to make it connect was to set the flags to 0x30.
>   
I don't remember any problems reported with plain text password
support on current cifs and I have certainly seen it negotiated with
no problem, but I will double check with your reported flag combination.

> Also, the client doesn't automatically pick up the domain name from
> smb.conf like smbfs does.
>
>   
That is true, and is intentional. cifs sends a domain of null (i.e. use
the server's default domain) - but it can be overridden on mount
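
Added example, not part of the original thread: a small audit helper that decodes a /proc/fs/cifs/SecurityFlags value such as the 0x7, 0x37 and 0x30 discussed above and reports which enabled mechanisms are weak (LANMAN hashes, plaintext passwords). The individual bit positions are an assumption taken from the CIFSSEC_MAY_* definitions in kernels of that era; the function names are hypothetical.

```python
# Added example. Bit positions are assumed from the CIFSSEC_MAY_*
# definitions of 2.6.20-era kernels; only the low "MAY" byte is decoded.
MAY_BITS = {
    0x01: "MAY_SIGN",
    0x02: "MAY_NTLM",
    0x04: "MAY_NTLMV2",
    0x08: "MAY_KRB5",
    0x10: "MAY_LANMAN",   # weak LANMAN password hash
    0x20: "MAY_PLNTXT",   # password sent in cleartext
}
WEAK_MASK = 0x10 | 0x20


def parse_flags(text):
    """Parse the file content, e.g. '0x37\\n' or '37', as a hex integer."""
    return int(text.strip(), 16)


def audit(text):
    """Return the decoded mechanisms and a value with the weak bits cleared."""
    value = parse_flags(text)
    enabled = [name for bit, name in sorted(MAY_BITS.items()) if value & bit]
    weak = [name for bit, name in sorted(MAY_BITS.items())
            if value & bit & WEAK_MASK]
    known = sum(MAY_BITS)          # 0x3f, all decoded bits
    return {
        "value": value,
        "enabled": enabled,
        "weak": weak,
        # Bits this sketch does not decode (e.g. "must" flags) are kept raw.
        "undecoded": value & ~known,
        "hardened": value & ~WEAK_MASK,
    }


if __name__ == "__main__":
    # Constructed inputs: the three values mentioned in the thread.
    for sample in ("0x7", "0x37", "0x30"):
        r = audit(sample)
        status = "WEAK: " + ", ".join(r["weak"]) if r["weak"] else "ok"
        print(f"{sample:>5}  {' | '.join(r['enabled'])}  -> {status}"
              f"  (without weak bits: {r['hardened']:#x})")
```

On a live system the input would be the content of /proc/fs/cifs/SecurityFlags; a "hardened" result of 0x0 means that only weak mechanisms were enabled.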