RE: Basic/NT: Case sensitivity of the passwords.

From: Chemolli Francesco (USI) <ChemolliF@dont-contact.us>
Date: Wed, 9 May 2001 09:12:57 +0200

> > > Hello.
> > >
> > > I am currently looking at the Basic/NT authentication system of Squid,
> > > and I found out that whatever password is entered, it will be considered
> > > as case-insensitive by the PDC when sent in clear.
> > >
> > > Does anybody know how to change this behavior as it could be a
> > > potential issue? According to the last samba code I looked at, the
> > > behavior should be exactly the same (so, passwords are
> > > case-insensitive), even if the password is encrypted (using
> > > SMBEncrypt).
> >
> > This is a "feature" of the authentication scheme.
> > NT authentication can use two different hashes for auth
> > purposes. One is the (more recent) "NT hash", which is case-sensitive.
> > The other is the (older) "LM hash" (as in Lan Manager hash) which is
> > case-insensitive, and is the one used by the auth code.
> > The problem is, I'm not really sure on HOW (if it's possible at all)
> > to use the stronger NT hash scheme.
>
> I believe Eric is referring to a particular basic auth helper, not
> the NTLM version of squid...

All helpers based on the SMB_Authen library have this behaviour, and
this includes the multi-domain-ntlm basic helper.
About the squid NTLM functionalities, it was more or less a forced
behaviour, as Win9X/ME clients only supply that, while NT/2k clients
supply both.

-- 
	/kinkie
Received on Wed May 09 2001 - 01:07:57 MDT
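
The case folding discussed in this thread, as an added example that is not part of the original messages and is not Squid or Samba code: it reproduces only the LM hash input preparation (upper-casing, padding to 14 bytes, splitting into two 7-byte DES keys) and omits the final DES encryption of LM's fixed constant, since identical keys already imply identical hashes. Function names are hypothetical, the passwords are constructed samples, and ASCII input is assumed.

```python
"""LM-hash input preparation (constructed example, ASCII passwords only)."""

LM_MAX_LEN = 14  # the LM scheme only considers 14 bytes of password


def lm_halves(password: str) -> tuple[bytes, bytes]:
    """Upper-case, pad/truncate to 14 bytes, split into two 7-byte halves."""
    # This upper() call is where case information is lost.
    raw = password.upper().encode("ascii")[:LM_MAX_LEN]
    raw = raw.ljust(LM_MAX_LEN, b"\x00")
    return raw[:7], raw[7:]


def expand_des_key(half: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes; the low bit of each byte is the
    parity position, left at 0 here because DES ignores it."""
    n = int.from_bytes(half, "big")
    return bytes(((n >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))


def lm_des_keys(password: str) -> tuple[bytes, bytes]:
    """The two DES keys LM derives from a password."""
    first, second = lm_halves(password)
    return expand_des_key(first), expand_des_key(second)


if __name__ == "__main__":
    # Constructed sample passwords differing only in case.
    for candidate in ("Password", "PASSWORD", "pAsSwOrD"):
        k1, k2 = lm_des_keys(candidate)
        print(f"{candidate!r:12} -> {k1.hex()} {k2.hex()}")
```

Every case variant yields the same key pair, which is why a server that validates against the LM hash accepts any capitalisation of the password.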