home *** CD-ROM | disk | FTP | other *** search
- Contributor: Unknown
- Date: Unknown
- Status: Current
-
- Subject: NOTE ABOUT PASSWORDS
- =============================================================================
-
- Unix systems use a wide variety of methods for checking the validity
- of a password. This is primarily controlled with the Makefile defines
- mentioned in the Makefile.
-
- Also note that some clients (notably WfWg) uppercase the password
- before sending it. The server tries the password as it receives it and
- also after lowercasing it.
-
- The Samba server can also be configured to try different
- upper/lowercase combinations. This is controlled by the [global]
- parameter "password level". A level of N means to try all combinations
- up to N uppercase characters in the password. A high value can chew a
- fair bit of CPU time and can lower the security of your system. Do not
- use this options unless you really need it - the time taken for
- password checking can become so high that clients time out.
-
- If you do use the "password level" option then you might like to use
- -DUFC_CRYPT in your Makefile. On some machine this makes password
- checking _much_ faster. This is also useful if you use the @group
- syntax in the user= option.
-
- If your site uses AFS (the Andrew File System), you can use the AFS section
- in the Makefile. This will first attempt to authenticate a username and
- password to AFS. If that succeeds, then the associated AFS rights will be
- granted. Otherwise, the password checking routine falls back to whatever
- Unix password checking method you are using. Note that the AFS code is
- only written and tested for AFS 3.3 and later.
-
-
- SECURITY = SERVER
- =================
-
- Samba can use a remote server to do it's username/password
- validation. This allows you to have one central machine (for example a
- NT box) control the passwords for the Unix box.
-
- See the section on "security =" in smb.conf(5) for details.
-
-
-
