diff options
Diffstat (limited to 'docs/textdocs/Passwords.txt')
-rw-r--r-- | docs/textdocs/Passwords.txt | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt new file mode 100644 index 00000000000..e06876fecae --- /dev/null +++ b/docs/textdocs/Passwords.txt @@ -0,0 +1,42 @@ +NOTE ABOUT PASSWORDS +==================== + +Unix systems use a wide variety of methods for checking the validity +of a password. This is primarily controlled with the Makefile defines +mentioned in the Makefile. + +Also note that some clients (notably WfWg) uppercase the password +before sending it. The server tries the password as it receives it and +also after lowercasing it. + +The Samba server can also be configured to try different +upper/lowercase combinations. This is controlled by the [global] +parameter "password level". A level of N means to try all combinations +up to N uppercase characters in the password. A high value can chew a +fair bit of CPU time and can lower the security of your system. Do not +use this options unless you really need it - the time taken for +password checking can become so high that clients time out. + +If you do use the "password level" option then you might like to use +-DUFC_CRYPT in your Makefile. On some machine this makes password +checking _much_ faster. This is also useful if you use the @group +syntax in the user= option. + +If your site uses AFS (the Andrew File System), you can use the AFS section +in the Makefile. This will first attempt to authenticate a username and +password to AFS. If that succeeds, then the associated AFS rights will be +granted. Otherwise, the password checking routine falls back to whatever +Unix password checking method you are using. Note that the AFS code is +only written and tested for AFS 3.3 and later. + + +SECURITY = SERVER +================= + +Samba can use a remote server to do it's username/password +validation. This allows you to have one central machine (for example a +NT box) control the passwords for the Unix box. + +See the section on "security =" in smb.conf(5) for details. + + |