From: Andrew Bartlett Date: Mon, 3 Jun 2013 00:27:41 +0000 (+1000) Subject: docs: Do not encourage unix passwords, and remove reference to password level X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=3f73002f2d5f8a27820e09b024f561fda1560184;p=metze%2Fsamba%2Fwip.git docs: Do not encourage unix passwords, and remove reference to password level Reviewed-by: Simo Sorce --- diff --git a/docs-xml/Samba3-Developers-Guide/unix-smb.xml b/docs-xml/Samba3-Developers-Guide/unix-smb.xml index ae6bdcdb0db8..6964b7fb2e3d 100644 --- a/docs-xml/Samba3-Developers-Guide/unix-smb.xml +++ b/docs-xml/Samba3-Developers-Guide/unix-smb.xml @@ -112,7 +112,7 @@ shares. Passwords -Many SMB clients uppercase passwords before sending them. I have no +When plaintext passwords are used, very old SMB clients uppercase passwords before sending them. I have no idea why they do this. Interestingly WfWg uppercases the password only if the server is running a protocol greater than COREPLUS, so obviously it isn't just the data entry routines that are to blame. @@ -123,12 +123,11 @@ Unix passwords are case sensitive. So if users use mixed case passwords they are in trouble. - -Samba can try to cope with this by either using the "password level" -option which causes Samba to try the offered password with up to the -specified number of case changes, or by using the "password server" -option which allows Samba to do its validation via another machine -(typically a WinNT server). +Samba will try an additional all lower cased password +authentication if it receives an all uppercase password. Samba used to +support an option called "password level" that would try to crack +password by trying all case permutations, but that option has been +removed.