Date: Sun, 20 Aug 2000 07:00:05 -0600 From: Joe Warner <jswarner@uswest.net> To: "Rashid N. Achilov" <achilov@granch.ru> Cc: freebsd-newbies@FreeBSD.ORG, Jason La <jasonla_@hotmail.com> Subject: Re: Samba Question Message-ID: <399FD655.AA4D81A@uswest.net> References: <XFMail.000820105338.shelton@sentry.granch.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--------------B471CA6D6E1CE920EE9B6D0F Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I think, plaintext password is A BIG HOLE in network security. It certainly is a big hole in network security and circumvents the security that's put in place when you install NT. However, IMHO, for it to be a hole, you need to have something to hide or to protect. In my case, I don't store any sensitive data on my WIN NT 4.0 (sp 6) machine and really don't care if someone breaks into it. The only thing that would annoy me is if somone broke in and trashed it. This wouldn't bother me too bad, since I have a current ghost image of my configuration on CD and it would take me about 20 minutes to pour it back on. As far as traffic sniffing goes, I'm sure there are tons of apps and methods out there that could capture/expose a lot of information, regardless of whether plaintext passwords are enabled or not. Knowing this, you certainly wouldn't want to make it easy for someone. However, I believe the best security you could have would be to get good and frequent backups of your system and don't have anything someone would want to steal. I tend to care less about my WIN NT machine and focus most of my attention/efforts on my PC running FreeBSD. That's where all the good stuff is! 8^) Joe "Rashid N. Achilov" wrote: > On 19-Aug-00 Joe Warner wrote: > > > > I'm assuming that you're trying to connect to your Samba server via WIN > > NT? If so, you need to go into the registry and add a key that enables > > plaintext passwords. You can find information on how to do this in > > /usr/local/share/doc/samba. > > > > I think, plaintext password is A BIG HOLE in network security. I'd recommend use it only when you > absolutely sure, that nobody can steal/snoop/catch/listen (or other many methods :-) ) your traffic. > If you aren't sure, you have to read DOMAIN_CONTROL.txt, ENCRYPTION.txt, NTDOMAIN.txt and > Passwords.txt (and Samba doc catalog contained many other useful hints :-) ), which describes how > to use encrypted native NT passwords. If you have NT domain controller, you can include Samba > computer into NT domain and now it will be check passwords through NT server. > -- > With Best Regards. > Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer > e-mail: achilov@granch.ru, tel (383-2) 24-2363 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-newbies" in the body of the message -- FreeBSD = The Power to Serve ..Simply put = FreeBSD Rocks! --------------B471CA6D6E1CE920EE9B6D0F Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> <html> <i>I think, plaintext password is A BIG HOLE in network security.</i><i></i> <p>It certainly is a big hole in network security and circumvents the security that's put in place when you install NT. However, IMHO, for it to be a hole, you need to have something to hide or to protect. In my case, I don't store any sensitive data on my WIN NT 4.0 (sp 6) machine and really don't care if someone breaks into it. The only thing that would annoy me is if somone broke in and trashed it. This wouldn't bother me too bad, since I have a current ghost image of my configuration on CD and it would take me about 20 minutes to pour it back on. As far as traffic sniffing goes, I'm sure there are tons of apps and methods out there that could capture/expose a lot of information, regardless of whether plaintext passwords are enabled or not. Knowing this, you certainly wouldn't want to make it easy for someone. However, I believe the best security you could have would be to get good and frequent backups of your system and don't have anything someone would want to steal. I tend to care less about my WIN NT machine and focus most of my attention/efforts on my PC running FreeBSD. That's where all the good stuff is! 8^) <p>Joe <br> <p>"Rashid N. Achilov" wrote: <blockquote TYPE=CITE>On 19-Aug-00 Joe Warner wrote: <br>> <br>> I'm assuming that you're trying to connect to your Samba server via WIN <br>> NT? If so, you need to go into the registry and add a key that enables <br>> plaintext passwords. You can find information on how to do this in <br>> /usr/local/share/doc/samba. <br>> <p>I think, plaintext password is A BIG HOLE in network security. I'd recommend use it only when you <br>absolutely sure, that nobody can steal/snoop/catch/listen (or other many methods :-) ) your traffic. <br>If you aren't sure, you have to read DOMAIN_CONTROL.txt, ENCRYPTION.txt, NTDOMAIN.txt and <br>Passwords.txt (and Samba doc catalog contained many other useful hints :-) ), which describes how <br>to use encrypted native NT passwords. If you have NT domain controller, you can include Samba <br>computer into NT domain and now it will be check passwords through NT server. <br>-- <br> With Best Regards. <br> Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514, Granch Ltd. lead engineer <br> e-mail: achilov@granch.ru, tel (383-2) 24-2363 <p>To Unsubscribe: send mail to majordomo@FreeBSD.org <br>with "unsubscribe freebsd-newbies" in the body of the message</blockquote> <p>-- <p> FreeBSD = The Power to Serve <br> ..Simply put = FreeBSD Rocks! <br> </html> --------------B471CA6D6E1CE920EE9B6D0F-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?399FD655.AA4D81A>