summaryrefslogtreecommitdiff
path: root/docs/manpages/smbpasswd.5
diff options
context:
space:
mode:
Diffstat (limited to 'docs/manpages/smbpasswd.5')
-rw-r--r--docs/manpages/smbpasswd.5222
1 files changed, 88 insertions, 134 deletions
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
index 07b04530c3..75645d4b6a 100644
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@@ -1,157 +1,111 @@
-.\" This manpage has been automatically generated by docbook2man
-.\" from a DocBook document. This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
-.\" Please send any bug reports, improvements, comments, patches,
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBPASSWD" "5" "04 March 2003" "" ""
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
+.de Sh \" Subsection
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.TH "SMBPASSWD" 5 "" "" ""
.SH NAME
smbpasswd \- The Samba encrypted password file
-.SH SYNOPSIS
+.SH "SYNOPSIS"
+
.PP
\fIsmbpasswd\fR
+
.SH "DESCRIPTION"
+
.PP
-This tool is part of the Samba suite.
+This tool is part of the \fBSamba\fR(7) suite\&.
+
.PP
-smbpasswd is the Samba encrypted password file. It contains
-the username, Unix user id and the SMB hashed passwords of the
-user, as well as account flag information and the time the
-password was last changed. This file format has been evolving with
-Samba and has had several different formats in the past.
+smbpasswd is the Samba encrypted password file\&. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed\&. This file format has been evolving with Samba and has had several different formats in the past\&.
+
.SH "FILE FORMAT"
+
.PP
-The format of the smbpasswd file used by Samba 2.2
-is very similar to the familiar Unix \fIpasswd(5)\fR
-file. It is an ASCII file containing one line for each user. Each field
-ithin each line is separated from the next by a colon. Any entry
-beginning with '#' is ignored. The smbpasswd file contains the
-following information for each user:
+The format of the smbpasswd file used by Samba 2\&.2 is very similar to the familiar Unix \fIpasswd(5)\fR file\&. It is an ASCII file containing one line for each user\&. Each field ithin each line is separated from the next by a colon\&. Any entry beginning with '#' is ignored\&. The smbpasswd file contains the following information for each user:
+
.TP
-\fBname\fR
-This is the user name. It must be a name that
-already exists in the standard UNIX passwd file.
+name
+This is the user name\&. It must be a name that already exists in the standard UNIX passwd file\&.
+
+
.TP
-\fBuid\fR
-This is the UNIX uid. It must match the uid
-field for the same user entry in the standard UNIX passwd file.
-If this does not match then Samba will refuse to recognize
-this smbpasswd file entry as being valid for a user.
+uid
+This is the UNIX uid\&. It must match the uid field for the same user entry in the standard UNIX passwd file\&. If this does not match then Samba will refuse to recognize this smbpasswd file entry as being valid for a user\&.
+
+
.TP
-\fBLanman Password Hash\fR
-This is the LANMAN hash of the user's password,
-encoded as 32 hex digits. The LANMAN hash is created by DES
-encrypting a well known string with the user's password as the
-DES key. This is the same password used by Windows 95/98 machines.
-Note that this password hash is regarded as weak as it is
-vulnerable to dictionary attacks and if two users choose the
-same password this entry will be identical (i.e. the password
-is not "salted" as the UNIX password is). If the user has a
-null password this field will contain the characters "NO PASSWORD"
-as the start of the hex string. If the hex string is equal to
-32 'X' characters then the user's account is marked as
-disabled and the user will not be able to
-log onto the Samba server.
-
-\fBWARNING !!\fR Note that, due to
-the challenge-response nature of the SMB/CIFS authentication
-protocol, anyone with a knowledge of this password hash will
-be able to impersonate the user on the network. For this
-reason these hashes are known as \fBplain text
-equivalents\fR and must \fBNOT\fR be made
-available to anyone but the root user. To protect these passwords
-the smbpasswd file is placed in a directory with read and
-traverse access only to the root user and the smbpasswd file
-itself must be set to be read/write only by root, with no
-other access.
+Lanman Password Hash
+This is the LANMAN hash of the user's password, encoded as 32 hex digits\&. The LANMAN hash is created by DES encrypting a well known string with the user's password as the DES key\&. This is the same password used by Windows 95/98 machines\&. Note that this password hash is regarded as weak as it is vulnerable to dictionary attacks and if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&. If the user has a null password this field will contain the characters "NO PASSWORD" as the start of the hex string\&. If the hex string is equal to 32 'X' characters then the user's account is marked as \fBdisabled\fR and the user will not be able to log onto the Samba server\&.
+
+
+\fBWARNING !!\fR Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
+
+
.TP
-\fBNT Password Hash\fR
-This is the Windows NT hash of the user's
-password, encoded as 32 hex digits. The Windows NT hash is
-created by taking the user's password as represented in
-16-bit, little-endian UNICODE and then applying the MD4
-(internet rfc1321) hashing algorithm to it.
-
-This password hash is considered more secure than
-the LANMAN Password Hash as it preserves the case of the
-password and uses a much higher quality hashing algorithm.
-However, it is still the case that if two users choose the same
-password this entry will be identical (i.e. the password is
-not "salted" as the UNIX password is).
-
-\fBWARNING !!\fR. Note that, due to
-the challenge-response nature of the SMB/CIFS authentication
-protocol, anyone with a knowledge of this password hash will
-be able to impersonate the user on the network. For this
-reason these hashes are known as \fBplain text
-equivalents\fR and must \fBNOT\fR be made
-available to anyone but the root user. To protect these passwords
-the smbpasswd file is placed in a directory with read and
-traverse access only to the root user and the smbpasswd file
-itself must be set to be read/write only by root, with no
-other access.
+NT Password Hash
+This is the Windows NT hash of the user's password, encoded as 32 hex digits\&. The Windows NT hash is created by taking the user's password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it\&.
+
+
+This password hash is considered more secure than the LANMAN Password Hash as it preserves the case of the password and uses a much higher quality hashing algorithm\&. However, it is still the case that if two users choose the same password this entry will be identical (i\&.e\&. the password is not "salted" as the UNIX password is)\&.
+
+
+\fBWARNING !!\fR\&. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network\&. For this reason these hashes are known as \fBplain text equivalents\fR and must \fBNOT\fR be made available to anyone but the root user\&. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access\&.
+
+
.TP
-\fBAccount Flags\fR
-This section contains flags that describe
-the attributes of the users account. In the Samba 2.2 release
-this field is bracketed by '[' and ']' characters and is always
-13 characters in length (including the '[' and ']' characters).
-The contents of this field may be any of the characters.
-.RS
-.TP 0.2i
-\(bu
-\fBU\fR - This means
-this is a "User" account, i.e. an ordinary user. Only User
-and Workstation Trust accounts are currently supported
-in the smbpasswd file.
-.TP 0.2i
-\(bu
-\fBN\fR - This means the
-account has no password (the passwords in the fields LANMAN
-Password Hash and NT Password Hash are ignored). Note that this
-will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5)
-\fR config file.
-.TP 0.2i
-\(bu
-\fBD\fR - This means the account
-is disabled and no SMB/CIFS logins will be allowed for
-this user.
-.TP 0.2i
-\(bu
-\fBW\fR - This means this account
-is a "Workstation Trust" account. This kind of account is used
-in the Samba PDC code stream to allow Windows NT Workstations
-and Servers to join a Domain hosted by a Samba PDC.
-.RE
-
-Other flags may be added as the code is extended in future.
-The rest of this field space is filled in with spaces.
+Account Flags
+This section contains flags that describe the attributes of the users account\&. In the Samba 2\&.2 release this field is bracketed by '[' and ']' characters and is always 13 characters in length (including the '[' and ']' characters)\&. The contents of this field may be any of the following characters:
+
+
+\fBU\fR - This means this is a "User" account, i\&.e\&. an ordinary user\&. Only User and Workstation Trust accounts are currently supported in the smbpasswd file\&.
+
+\fBN\fR - This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored)\&. Note that this will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fBsmb.conf\fR(5) config file\&.
+
+\fBD\fR - This means the account is disabled and no SMB/CIFS logins will be allowed for this user\&.
+
+\fBW\fR - This means this account is a "Workstation Trust" account\&. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC\&.
+
+Other flags may be added as the code is extended in future\&. The rest of this field space is filled in with spaces\&.
+
+
.TP
-\fBLast Change Time\fR
-This field consists of the time the account was
-last modified. It consists of the characters 'LCT-' (standing for
-"Last Change Time") followed by a numeric encoding of the UNIX time
-in seconds since the epoch (1970) that the last change was made.
+Last Change Time
+This field consists of the time the account was last modified\&. It consists of the characters 'LCT-' (standing for "Last Change Time") followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made\&.
+
+
.PP
-All other colon separated fields are ignored at this time.
+All other colon separated fields are ignored at this time\&.
+
.SH "VERSION"
+
.PP
-This man page is correct for version 3.0 of
-the Samba suite.
+This man page is correct for version 3\&.0 of the Samba suite\&.
+
.SH "SEE ALSO"
+
.PP
-\fBsmbpasswd(8)\fR
-samba(7) and
-the Internet RFC1321 for details on the MD4 algorithm.
+\fBsmbpasswd\fR(8), \fBSamba\fR(7), and the Internet RFC1321 for details on the MD4 algorithm\&.
+
.SH "AUTHOR"
+
.PP
-The original Samba software and related utilities
-were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar
-to the way the Linux kernel is developed.
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
+
.PP
-The original Samba man pages were written by Karl Auer.
-The man page sources were converted to YODL format (another
-excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0
-release by Jeremy Allison. The conversion to DocBook for
-Samba 2.2 was done by Gerald Carter
+The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&.
+