Traduisez - Übersetzen - Traduzca - Traduza - Tradurre - Translate

VanLUG Email Archive

Re: samba and encrypted passwords

Alan Hodgson
Mon, 28 Sep 1998 10:55:04 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: esoteric@island.net: "Re: Computer Stores"
Previous message: Curt Sampson: "Re: samba and encrypted passwords"

On Mon, Sep 28, 1998 at 10:30:50AM -0700, Curt Sampson wrote:
> On Mon, 28 Sep 1998, Alan Hodgson wrote:
>
> > ...ie, with encrypted
> > passwords it will actually save the share password in your
> > .pwl file...
>
> Last I checked, these .PWL files were dead easy to crack. Anyone
> with access to your machine for a few seconds could dump them all
> on a floppy, take them home, and have all your passwords five
> minutes after getting them home.

Well, not dead easy. MS did patch '95 to make the stored passwords
much harder to crack. Yes, of course it is a risk to save them
there regardless.

> I have the following in a file called NOCACHE.REG which I run on
> each new machine to disable the checkbox to save your password:
>
> REGEDIT4
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
> "DisablePwdCaching"=dword:00000001

If you disable local password caching, don't you require a network
security provider to even login? Ie. an NT domain controller
or a NetWare system or something? I just haven't played with it.

- Alan

Next message: esoteric@island.net: "Re: Computer Stores"
Previous message: Curt Sampson: "Re: samba and encrypted passwords"