Eric Dumas wrote:
> I understant. In fact, I would be interest to know what need to be
> done to make sure that NT/2k clients authentication passwords could be
> recognize as case sensitive (in the SMB layer, I have not seen a
> specific flag. I've looked at the last samba package and it looks like
> the smblib has the same behavior).
If you want to secure your domain then A good start would probably be to
restrict the server to only accept NT logins (there is a bit in the
registry telling what kind of login methods the server accepts).. if you
don't then you still have the LANMAN hash available and valid for login
case insesitively and with a quite poor hashing algorithm..
Anyway, please remember that passwords are sent in plain-text when using
Basic HTTP authentication to the proxy.
-- Henrik Nordstrom Squid HackerReceived on Wed May 09 2001 - 12:30:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:00 MST