diff options
Diffstat (limited to 'docs-xml/manpages-3/smbpasswd.5.xml')
| -rw-r--r-- | docs-xml/manpages-3/smbpasswd.5.xml | 211 |
1 files changed, 0 insertions, 211 deletions
diff --git a/docs-xml/manpages-3/smbpasswd.5.xml b/docs-xml/manpages-3/smbpasswd.5.xml deleted file mode 100644 index 34676f64ee..0000000000 --- a/docs-xml/manpages-3/smbpasswd.5.xml +++ /dev/null @@ -1,211 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<refentry id="smbpasswd.5"> - -<refmeta> - <refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>smbpasswd</refname> - <refpurpose>The Samba encrypted password file</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <para><filename>smbpasswd</filename></para> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para>smbpasswd is the Samba encrypted password file. It contains - the username, Unix user id and the SMB hashed passwords of the - user, as well as account flag information and the time the - password was last changed. This file format has been evolving with - Samba and has had several different formats in the past. </para> -</refsect1> - -<refsect1> - <title>FILE FORMAT</title> - - <para>The format of the smbpasswd file used by Samba 2.2 - is very similar to the familiar Unix <filename>passwd(5)</filename> - file. It is an ASCII file containing one line for each user. Each field - ithin each line is separated from the next by a colon. Any entry - beginning with '#' is ignored. The smbpasswd file contains the - following information for each user: </para> - - <variablelist> - <varlistentry> - <term>name</term> - <listitem><para> This is the user name. It must be a name that - already exists in the standard UNIX passwd file. </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>uid</term> - <listitem><para>This is the UNIX uid. It must match the uid - field for the same user entry in the standard UNIX passwd file. - If this does not match then Samba will refuse to recognize - this smbpasswd file entry as being valid for a user. - </para></listitem> - </varlistentry> - - - <varlistentry> - <term>Lanman Password Hash</term> - <listitem><para>This is the LANMAN hash of the user's password, - encoded as 32 hex digits. The LANMAN hash is created by DES - encrypting a well known string with the user's password as the - DES key. This is the same password used by Windows 95/98 machines. - Note that this password hash is regarded as weak as it is - vulnerable to dictionary attacks and if two users choose the - same password this entry will be identical (i.e. the password - is not "salted" as the UNIX password is). If the user has a - null password this field will contain the characters "NO PASSWORD" - as the start of the hex string. If the hex string is equal to - 32 'X' characters then the user's account is marked as - <constant>disabled</constant> and the user will not be able to - log onto the Samba server. </para> - - <para><emphasis>WARNING !!</emphasis> Note that, due to - the challenge-response nature of the SMB/CIFS authentication - protocol, anyone with a knowledge of this password hash will - be able to impersonate the user on the network. For this - reason these hashes are known as <emphasis>plain text - equivalents</emphasis> and must <emphasis>NOT</emphasis> be made - available to anyone but the root user. To protect these passwords - the smbpasswd file is placed in a directory with read and - traverse access only to the root user and the smbpasswd file - itself must be set to be read/write only by root, with no - other access. </para></listitem> - </varlistentry> - - - <varlistentry> - <term>NT Password Hash</term> - <listitem><para>This is the Windows NT hash of the user's - password, encoded as 32 hex digits. The Windows NT hash is - created by taking the user's password as represented in - 16-bit, little-endian UNICODE and then applying the MD4 - (internet rfc1321) hashing algorithm to it. </para> - - <para>This password hash is considered more secure than - the LANMAN Password Hash as it preserves the case of the - password and uses a much higher quality hashing algorithm. - However, it is still the case that if two users choose the same - password this entry will be identical (i.e. the password is - not "salted" as the UNIX password is). </para> - - <para><emphasis>WARNING !!</emphasis>. Note that, due to - the challenge-response nature of the SMB/CIFS authentication - protocol, anyone with a knowledge of this password hash will - be able to impersonate the user on the network. For this - reason these hashes are known as <emphasis>plain text - equivalents</emphasis> and must <emphasis>NOT</emphasis> be made - available to anyone but the root user. To protect these passwords - the smbpasswd file is placed in a directory with read and - traverse access only to the root user and the smbpasswd file - itself must be set to be read/write only by root, with no - other access. </para></listitem> - </varlistentry> - - - <varlistentry> - <term>Account Flags</term> - <listitem><para>This section contains flags that describe - the attributes of the users account. This field is bracketed by - '[' and ']' characters and is always 13 characters in length - (including the '[' and ']' characters). - The contents of this field may be any of the following characters: - </para> - - <itemizedlist> - <listitem><para><emphasis>U</emphasis> - This means - this is a "User" account, i.e. an ordinary user.</para></listitem> - - <listitem><para><emphasis>N</emphasis> - This means the - account has no password (the passwords in the fields LANMAN - Password Hash and NT Password Hash are ignored). Note that this - will only allow users to log on with no password if the <parameter> - null passwords</parameter> parameter is set in the - <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> config file. </para></listitem> - - <listitem><para><emphasis>D</emphasis> - This means the account - is disabled and no SMB/CIFS logins will be allowed for this user. </para></listitem> - - <listitem><para><emphasis>X</emphasis> - This means the password - does not expire. </para></listitem> - - <listitem><para><emphasis>W</emphasis> - This means this account - is a "Workstation Trust" account. This kind of account is used - in the Samba PDC code stream to allow Windows NT Workstations - and Servers to join a Domain hosted by a Samba PDC. </para> - </listitem> - </itemizedlist> - - <para>Other flags may be added as the code is extended in future. - The rest of this field space is filled in with spaces. For further - information regarding the flags that are supported please refer to the - man page for the <command>pdbedit</command> command.</para> - </listitem> - </varlistentry> - - - <varlistentry> - <term>Last Change Time</term> - <listitem><para>This field consists of the time the account was - last modified. It consists of the characters 'LCT-' (standing for - "Last Change Time") followed by a numeric encoding of the UNIX time - in seconds since the epoch (1970) that the last change was made. - </para></listitem> - </varlistentry> - </variablelist> - - <para>All other colon separated fields are ignored at this time.</para> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3 of - the Samba suite.</para> -</refsect1> - -<refsect1> - <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, and - the Internet RFC1321 for details on the MD4 algorithm. - </para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/"> - ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> -</refsect1> - -</refentry> |