[Likewise-open-discuss] Getting AD password hashes

[Carl Johnson]

>> If AD is not reachable, what happens?
>
> We store the salted MD hash of the NT hash in a protected
> file on disk (another one-way hash) in order to support
> cached logins.  So for example, my laptop is joined to
> a local AD domain in my office but I can still login
> when traveling or working at coffee shops.
>
> This feature can be disabled if you prefer.

What if the user has never logged in to that system? This scenario is  
possible with on-call support in a large environment.

Carl