indeed!
> Heh. We can't do it that way, because then anybody could just read
> /etc/passwd and send the proper (or rather, "improper") encrypted password
> directly without having to worry about having to know and type the real
> password. This is an issue even with shadow passwords, because _if_ the
> shadow file is ever readable you're then wide open (instead of at least
> having the normal crypt() security).
Pity Microsoft didn't realise this. The encryption used in the SMB
protocol is based on a very similar principle. The encrypted password
stored in the password database on MS servers is a one-way hash of the
user's password, in a similar fashion to the unix one. Unfortunately
the algorithm they use for talking to the server means that if the
client knows this hash (known as a "P16" value) then it can log in to the
server without knowing the cleartext password at all. Urrgh.
The Microsoft Technet CDROM claims that they use encrypted passwords
both on the net and on disk, and this is strictly true, but it
neglects to mention that the ones kept on disk are "plain text
equivalent" because they can be used to log in. You better make sure
no one can read that password file ...
Just one of the many bits of trivia you discover when implementing SMB :-)
Cheers, Andrew
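The design property the post describes, as an added example that is not part of the original message and not the real SMB or crypt() algorithm: a toy model of the two server designs side by side. In the first, the server stores an unsalted one-way hash and the challenge-response protocol is keyed with that hash, so whoever reads the database holds a login credential ("plain text equivalent"). In the second, the server stores a salted, iterated hash and only ever compares it against a submitted password, so the stored value on its own cannot be used to log in. All names, the SHA-256/HMAC/PBKDF2 stand-ins and the sample user are constructed for this illustration.

```python
import hashlib
import hmac
import os

# Constructed toy model. Neither class reproduces a real protocol; the
# hash and MAC choices are stand-ins to show the design property only.

def one_way_hash(password: str) -> bytes:
    """Unsalted one-way hash of the password (stand-in for the stored 'P16'-style value)."""
    return hashlib.sha256(password.encode()).digest()


def challenge_response(stored_hash: bytes, challenge: bytes) -> bytes:
    """Client proof in the hash-keyed design: computed from the hash, never from the cleartext."""
    return hmac.new(stored_hash, challenge, hashlib.sha256).digest()


class HashKeyedServer:
    """Server whose database holds H(password) and whose protocol is keyed with that value."""

    def __init__(self, users: dict[str, str]) -> None:
        self.db = {user: one_way_hash(pw) for user, pw in users.items()}

    def login(self, user: str, prove) -> bool:
        # prove(challenge) is whatever the client computes; the server checks it
        # against the proof derived from its own stored hash.
        challenge = os.urandom(16)
        expected = challenge_response(self.db[user], challenge)
        return hmac.compare_digest(expected, prove(challenge))


class CryptStyleServer:
    """Server that stores a salted, iterated hash and compares a submitted password against it."""

    ITERATIONS = 100_000

    def __init__(self, users: dict[str, str]) -> None:
        self.db = {}
        for user, pw in users.items():
            salt = os.urandom(16)
            self.db[user] = (salt, self._derive(pw, salt))

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def login(self, user: str, submitted_password: str) -> bool:
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._derive(submitted_password, salt))


USERS = {"alice": "correct horse battery"}  # constructed sample account


def hash_keyed_legit_login() -> bool:
    """A client that knows the cleartext derives the hash and authenticates."""
    server = HashKeyedServer(USERS)
    pw_hash = one_way_hash(USERS["alice"])
    return server.login("alice", lambda ch: challenge_response(pw_hash, ch))


def hash_keyed_stored_value_is_credential() -> bool:
    """Holding only the database entry (no cleartext) is enough to pass the check."""
    server = HashKeyedServer(USERS)
    leaked_entry = server.db["alice"]
    return server.login("alice", lambda ch: challenge_response(leaked_entry, ch))


def crypt_style_legit_login() -> bool:
    """Submitting the real password authenticates."""
    server = CryptStyleServer(USERS)
    return server.login("alice", USERS["alice"])


def crypt_style_stored_value_is_credential() -> bool:
    """The stored verifier is not accepted as a password; the protocol gives it no other role."""
    server = CryptStyleServer(USERS)
    _salt, leaked_entry = server.db["alice"]
    return server.login("alice", leaked_entry.hex())


if __name__ == "__main__":
    print("hash-keyed, real password:      ", hash_keyed_legit_login())
    print("hash-keyed, leaked entry only:  ", hash_keyed_stored_value_is_credential())
    print("crypt-style, real password:     ", crypt_style_legit_login())
    print("crypt-style, leaked entry only: ", crypt_style_stored_value_is_credential())
```

The check to apply when auditing an authentication design follows from the two `*_stored_value_is_credential` functions: if the server's stored verifier can be fed straight into the protocol and accepted, the verifier database must be protected as strictly as the cleartext passwords themselves, which is exactly the point the post makes about the on-disk "encrypted" values.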