From 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d Mon Sep 17 00:00:00 2001
From: "Gerald W. Carter" <jerry@samba.org>
Date: Tue, 22 Apr 2008 10:09:40 -0500
Subject: Moving docs tree to docs-xml to make room for generated docs in the
 release tarball. (This used to be commit
 9f672c26d63955f613088489c6efbdc08b5b2d14)

---
 docs-xml/manpages-3/smbpasswd.5.xml | 211 ++++++++++++++++++++++++++++++++++++
 1 file changed, 211 insertions(+)
 create mode 100644 docs-xml/manpages-3/smbpasswd.5.xml

(limited to 'docs-xml/manpages-3/smbpasswd.5.xml')

diff --git a/docs-xml/manpages-3/smbpasswd.5.xml b/docs-xml/manpages-3/smbpasswd.5.xml
new file mode 100644
index 0000000000..592a7de8b8
--- /dev/null
+++ b/docs-xml/manpages-3/smbpasswd.5.xml
@@ -0,0 +1,211 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="smbpasswd.5">
+
+<refmeta>
+	<refentrytitle>smbpasswd</refentrytitle>
+	<manvolnum>5</manvolnum>
+	<refmiscinfo class="source">Samba</refmiscinfo>
+	<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
+	<refmiscinfo class="version">3.2</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+	<refname>smbpasswd</refname>
+	<refpurpose>The Samba encrypted password file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+	<para><filename>smbpasswd</filename></para>
+</refsynopsisdiv>
+
+<refsect1>
+	<title>DESCRIPTION</title>
+
+	<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+	<manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+	<para>smbpasswd is the Samba encrypted password file. It contains 
+	the username, Unix user id and the SMB hashed passwords of the 
+	user, as well as account flag information and the time the 
+	password was last changed. This file format has been evolving with 
+	Samba and has had several different formats in the past. </para>
+</refsect1>
+
+<refsect1>
+	<title>FILE FORMAT</title>
+
+	<para>The format of the smbpasswd file used by Samba 2.2 
+	is very similar to the familiar Unix <filename>passwd(5)</filename> 
+	file. It is an ASCII file containing one line for each user. Each field 
+	ithin each line is separated from the next by a colon. Any entry 
+	beginning with '#' is ignored. The smbpasswd file contains the 
+	following information for each user: </para>
+
+	<variablelist>
+		<varlistentry>
+		<term>name</term>
+		<listitem><para> This is the user name. It must be a name that 
+		already exists in the standard UNIX passwd file. </para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>uid</term>
+		<listitem><para>This is the UNIX uid. It must match the uid
+		field for the same user entry in the standard UNIX passwd file. 
+		If this does not match then Samba will refuse to recognize 
+		this smbpasswd file entry as being valid for a user. 
+		</para></listitem>
+		</varlistentry>
+		 
+		 
+		<varlistentry>
+		<term>Lanman Password Hash</term>
+		<listitem><para>This is the LANMAN hash of the user's password, 
+		encoded as 32 hex digits.  The LANMAN hash is created by DES 
+		encrypting a well known string with the user's password as the 
+		DES key. This is the same password used by Windows 95/98 machines. 
+		Note that this password hash is regarded as weak as it is
+		vulnerable to dictionary attacks and if two users choose the 
+		same password this entry will be identical (i.e. the password 
+		is not "salted" as the UNIX password is). If the user has a 
+		null password this field will contain the characters "NO PASSWORD" 
+		as the start of the hex string. If the hex string is equal to 
+		32 'X' characters then the user's account is marked as 
+		<constant>disabled</constant> and the user will not be able to 
+		log onto the Samba server. </para>
+		
+		<para><emphasis>WARNING !!</emphasis> Note that, due to 
+		the challenge-response nature of the SMB/CIFS authentication
+		protocol, anyone with a knowledge of this password hash will 
+		be able to impersonate the user on the network. For this
+		reason these hashes are known as <emphasis>plain text 
+		equivalents</emphasis> and must <emphasis>NOT</emphasis> be made 
+		available to anyone but the root user. To protect these passwords 
+		the smbpasswd file is placed in a directory with read and 
+		traverse access only to the root user and the smbpasswd file 
+		itself must be set to be read/write only by root, with no
+		other access. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>NT Password Hash</term>
+		<listitem><para>This is the Windows NT hash of the user's 
+		password, encoded as 32 hex digits.  The Windows NT hash is 
+		created by taking the user's password as represented in 
+		16-bit, little-endian UNICODE and then applying the MD4 
+		(internet rfc1321) hashing algorithm to it. </para>
+		
+		<para>This password hash is considered more secure than
+		the LANMAN Password Hash as it preserves the case of the 
+		password and uses a much higher quality hashing algorithm. 
+		However, it is still the case that if two users choose the same 
+		password this entry will be identical (i.e. the password is 
+		not "salted" as the UNIX password is). </para>
+
+		<para><emphasis>WARNING !!</emphasis>. Note that, due to 
+		the challenge-response nature of the SMB/CIFS authentication
+		protocol, anyone with a knowledge of this password hash will 
+		be able to impersonate the user on the network. For this
+		reason these hashes are known as <emphasis>plain text 
+		equivalents</emphasis> and must <emphasis>NOT</emphasis> be made 
+		available to anyone but the root user. To protect these passwords 
+		the smbpasswd file is placed in a directory with read and 
+		traverse access only to the root user and the smbpasswd file 
+		itself must be set to be read/write only by root, with no
+		other access. </para></listitem>
+		</varlistentry>
+		
+
+		<varlistentry>
+		<term>Account Flags</term>
+		<listitem><para>This section contains flags that describe 
+		the attributes of the users account.  This field is bracketed by 
+		'[' and ']' characters and is always 13 characters in length 
+		(including the '[' and ']' characters).
+		The contents of this field may be any of the following characters:
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><emphasis>U</emphasis> - This means 
+			this is a "User" account, i.e. an ordinary user.</para></listitem>
+			
+			<listitem><para><emphasis>N</emphasis> - This means the
+			account has no password (the passwords in the fields LANMAN 
+			Password Hash and NT Password Hash are ignored). Note that this 
+			will only allow users to log on with no password if the <parameter>
+			null passwords</parameter> parameter is set in the 
+			<citerefentry><refentrytitle>smb.conf</refentrytitle>
+			<manvolnum>5</manvolnum></citerefentry> config file. </para></listitem>
+				
+			<listitem><para><emphasis>D</emphasis> - This means the account 
+			is disabled and no SMB/CIFS logins  will be allowed for this user. </para></listitem>
+			
+			<listitem><para><emphasis>X</emphasis> - This means the password 
+			does not expire. </para></listitem>
+			
+			<listitem><para><emphasis>W</emphasis> - This means this account 
+			is a "Workstation Trust" account. This kind of account is used 
+			in the Samba PDC code stream to allow Windows NT Workstations 
+			and Servers to join a Domain hosted by a Samba PDC. </para>
+			</listitem>
+		</itemizedlist>
+		
+		<para>Other flags may be added as the code is extended in future.
+		The rest of this field space is filled in with spaces. For further
+		information regarding the flags that are supported please refer to the
+		man page for the <command>pdbedit</command> command.</para>
+		</listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>Last Change Time</term>
+		<listitem><para>This field consists of the time the account was 
+		last modified. It consists of the characters 'LCT-' (standing for 
+		"Last Change Time") followed by a numeric encoding of the UNIX time 
+		in seconds since the epoch (1970) that the last change was made. 
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+	
+	<para>All other colon separated fields are ignored at this time.</para> 
+</refsect1>
+
+<refsect1>
+	<title>VERSION</title>
+
+	<para>This man page is correct for version 3.0 of 
+	the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+	<title>SEE ALSO</title>
+	<para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle>
+	<manvolnum>7</manvolnum></citerefentry>, and
+	the Internet RFC1321 for details on the MD4 algorithm.
+	</para>
+</refsect1>
+
+<refsect1>
+	<title>AUTHOR</title>
+	
+	<para>The original Samba software and related utilities 
+	were created by Andrew Tridgell. Samba is now developed
+	by the Samba Team as an Open Source project similar 
+	to the way the Linux kernel is developed.</para>
+	
+	<para>The original Samba man pages were written by Karl Auer. 
+	The man page sources were converted to YODL format (another 
+	excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
+	ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 
+	release by Jeremy Allison.  The conversion to DocBook for 
+	Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
+	for Samba 3.0 was done by Alexander Bokovoy.</para>
+</refsect1>
+
+</refentry>
-- 
cgit