
Patch for NT 4.0 SAM MD4 password support (ITS#2099)



Full_Name: Giampaolo Tomassoni
Version: 2.1.4
OS: RH 7.2 Linux 2.4.7-10
URL: ftp://ftp.openldap.org/incoming/giampaolo-tomassoni-020921.diff
Submission from: (NULL) (151.27.10.241)


This is a patch for OpenLDAP v2.1.4 adding support for NT 4.0 SAM passwords. SAM
passwords are made of a 16-byte MD4 hash of the unicode-2 version of the
original cleartext password. Although they are often recovered through the very
same tool that obtains LANMAN passwords from an existing NT domain, they are a
bit stronger against brute-force attack and are case-sensitive, so that, in my
opinion, they offer a more valid choice in migrating an existing NT 4.0 domain
to Unix.

NT 4.0 SAM password support is enabled in slapd by passing the --with-ntpassword
switch to configure.

The NT 4.0 SAM password scheme is identified in a userPassword field by the
'{NT}' prefix.