mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
0ea126237c
(This used to be commit f8b811bcda
)
50 lines
1.9 KiB
Plaintext
50 lines
1.9 KiB
Plaintext
!==
|
|
!== Passwords.txt for Samba release 2.1.0prealpha 981204
|
|
!==
|
|
Contributor: Unknown
|
|
Date: Unknown
|
|
Status: Current
|
|
|
|
Subject: NOTE ABOUT PASSWORDS
|
|
=============================================================================
|
|
|
|
Unix systems use a wide variety of methods for checking the validity
|
|
of a password. This is primarily controlled with the Makefile defines
|
|
mentioned in the Makefile.
|
|
|
|
Also note that some clients (notably WfWg) uppercase the password
|
|
before sending it. The server tries the password as it receives it and
|
|
also after lowercasing it.
|
|
|
|
The Samba server can also be configured to try different
|
|
upper/lowercase combinations. This is controlled by the [global]
|
|
parameter "password level". A level of N means to try all combinations
|
|
up to N uppercase characters in the password. A high value can chew a
|
|
fair bit of CPU time and can lower the security of your system. Do not
|
|
use this options unless you really need it - the time taken for
|
|
password checking can become so high that clients time out.
|
|
|
|
If you do use the "password level" option then you might like to use
|
|
-DUFC_CRYPT in your Makefile. On some machine this makes password
|
|
checking _much_ faster. This is also useful if you use the @group
|
|
syntax in the user= option.
|
|
|
|
If your site uses AFS (the Andrew File System), you can use the AFS section
|
|
in the Makefile. This will first attempt to authenticate a username and
|
|
password to AFS. If that succeeds, then the associated AFS rights will be
|
|
granted. Otherwise, the password checking routine falls back to whatever
|
|
Unix password checking method you are using. Note that the AFS code is
|
|
only written and tested for AFS 3.3 and later.
|
|
|
|
|
|
SECURITY = SERVER
|
|
=================
|
|
|
|
Samba can use a remote server to do its username/password
|
|
validation. This allows you to have one central machine (for example a
|
|
NT box) control the passwords for the Unix box.
|
|
|
|
See the section on "security =" in smb.conf(5) for details.
|
|
|
|
|