[Likewise-open-discuss] Getting AD password hashes
Gerald (Jerry) Carter
jerry at samba.org
Wed Apr 23 15:28:41 PDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Carl Johnson wrote:
>> Likewise (as does Samba) authenticates the user against AD.
>> It is client side. So my question of why synchronize passwords
>> in /etc/passwd when you can authenticate directly against AD
>> using security protocols is as yet unanswered. If you could
>> help me understand why you require validating only against
>> local system files, that would help. Thanks.
>
> If AD is not reachable, what happens?
We store the salted MD hash of the NT hash in a protected
file on disk (another one-way hash) in order to support
cached logins. So for example, my laptop is joined to
a local AD domain in my office but I can still login
when traveling or working at coffee shops.
This feature can be disabled if you prefer.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFID7gZIR7qMdg1EfYRAvcsAJ0dzbNTNh8/B9hW9akabIUB47atLgCeI9xF
Lh2Of86U7JfiPMU+amyosoc=
=xdxv
-----END PGP SIGNATURE-----
More information about the Likewise-open-discuss
mailing list