| blob | 3d7acac9dd3fcc4b6ea3dd5fcc84121acec18c8c |
1 Contributor: Unknown
2 Date: Unknown
3 Status: Current
5 Subject: NOTE ABOUT PASSWORDS
6 =============================================================================
8 Unix systems use a wide variety of methods for checking the validity
9 of a password. This is primarily controlled with the Makefile defines
10 mentioned in the Makefile.
12 Also note that some clients (notably WfWg) uppercase the password
13 before sending it. The server tries the password as it receives it and
14 also after lowercasing it.
16 The Samba server can also be configured to try different
17 upper/lowercase combinations. This is controlled by the [global]
18 parameter "password level". A level of N means to try all combinations
19 up to N uppercase characters in the password. A high value can chew a
20 fair bit of CPU time and can lower the security of your system. Do not
21 use this options unless you really need it - the time taken for
22 password checking can become so high that clients time out.
24 If you do use the "password level" option then you might like to use
25 -DUFC_CRYPT in your Makefile. On some machine this makes password
26 checking _much_ faster. This is also useful if you use the @group
27 syntax in the user= option.
29 If your site uses AFS (the Andrew File System), you can use the AFS section
30 in the Makefile. This will first attempt to authenticate a username and
31 password to AFS. If that succeeds, then the associated AFS rights will be
32 granted. Otherwise, the password checking routine falls back to whatever
33 Unix password checking method you are using. Note that the AFS code is
34 only written and tested for AFS 3.3 and later.
37 SECURITY = SERVER
38 =================
40 Samba can use a remote server to do it's username/password
41 validation. This allows you to have one central machine (for example a
42 NT box) control the passwords for the Unix box.
44 See the section on "security =" in smb.conf(5) for details.