summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security/passwordlevel.xml
blob: 1da11e406bda8a2a550d188fe1d62c27105b3e6a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
<samba:parameter name="password level"
                 context="G"
				 type="integer"
                 advanced="1" developer="1"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
    <para>Some client/server combinations have difficulty 
    with mixed-case passwords.  One offending client is Windows for 
    Workgroups, which for some reason forces passwords to upper 
    case when using the LANMAN1 protocol, but leaves them alone when 
    using COREPLUS!  Another problem child is the Windows 95/98
    family of operating systems.  These clients upper case clear
    text passwords even when NT LM 0.12 selected by the protocol
    negotiation request/response.</para>

    <para>This parameter defines the maximum number of characters 
    that may be upper case in passwords.</para>

    <para>For example, say the password given was &quot;FRED&quot;. If <parameter moreinfo="none">
    password level</parameter> is set to 1, the following combinations 
    would be tried if &quot;FRED&quot; failed:</para>

    <para>&quot;Fred&quot;, &quot;fred&quot;, &quot;fRed&quot;, &quot;frEd&quot;,&quot;freD&quot;</para>

    <para>If <parameter moreinfo="none">password level</parameter> was set to 2, 
    the following combinations would also be tried: </para>

    <para>&quot;FRed&quot;, &quot;FrEd&quot;, &quot;FreD&quot;, &quot;fREd&quot;, &quot;fReD&quot;, &quot;frED&quot;, ..</para>

    <para>And so on.</para>

    <para>The higher value this parameter is set to the more likely 
    it is that a mixed case password will be matched against a single 
    case password. However, you should be aware that use of this 
    parameter reduces security and increases the time taken to 
    process a new connection.</para>

    <para>A value of zero will cause only two attempts to be 
    made - the password as is and the password in all-lower case.</para>

    <para>This parameter is used only when using plain-text passwords. It is
    not at all used when encrypted passwords as in use (that is the default
    since samba-3.0.0). Use this only when <smbconfoption name="encrypt passwords">No</smbconfoption>.</para>
</description>

<value type="default">0</value>
<value type="example">4</value>
</samba:parameter>