diff options
| author | Samba Release Account <samba-bugs@samba.org> | 1996-05-04 07:50:46 +0000 |
|---|---|---|
| committer | Samba Release Account <samba-bugs@samba.org> | 1996-05-04 07:50:46 +0000 |
| commit | 0e8fd3398771da2f016d72830179507f3edda51b (patch) | |
| tree | b5d07075a85050832720033f7b26c37a301ede72 /docs/textdocs/Passwords.txt | |
| download | samba-0e8fd3398771da2f016d72830179507f3edda51b.tar.gz samba-0e8fd3398771da2f016d72830179507f3edda51b.tar.bz2 samba-0e8fd3398771da2f016d72830179507f3edda51b.zip | |
Initial version imported to CVS
(This used to be commit 291551d80711daab7b7581720bcd9a08d6096517)
Diffstat (limited to 'docs/textdocs/Passwords.txt')
| -rw-r--r-- | docs/textdocs/Passwords.txt | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt new file mode 100644 index 0000000000..e06876feca --- /dev/null +++ b/docs/textdocs/Passwords.txt @@ -0,0 +1,42 @@ +NOTE ABOUT PASSWORDS +==================== + +Unix systems use a wide variety of methods for checking the validity +of a password. This is primarily controlled with the Makefile defines +mentioned in the Makefile. + +Also note that some clients (notably WfWg) uppercase the password +before sending it. The server tries the password as it receives it and +also after lowercasing it. + +The Samba server can also be configured to try different +upper/lowercase combinations. This is controlled by the [global] +parameter "password level". A level of N means to try all combinations +up to N uppercase characters in the password. A high value can chew a +fair bit of CPU time and can lower the security of your system. Do not +use this options unless you really need it - the time taken for +password checking can become so high that clients time out. + +If you do use the "password level" option then you might like to use +-DUFC_CRYPT in your Makefile. On some machine this makes password +checking _much_ faster. This is also useful if you use the @group +syntax in the user= option. + +If your site uses AFS (the Andrew File System), you can use the AFS section +in the Makefile. This will first attempt to authenticate a username and +password to AFS. If that succeeds, then the associated AFS rights will be +granted. Otherwise, the password checking routine falls back to whatever +Unix password checking method you are using. Note that the AFS code is +only written and tested for AFS 3.3 and later. + + +SECURITY = SERVER +================= + +Samba can use a remote server to do it's username/password +validation. This allows you to have one central machine (for example a +NT box) control the passwords for the Unix box. + +See the section on "security =" in smb.conf(5) for details. + + |