Re: Unix auth via LDAP & now need to add Samba!
- To: OpenLDAP Mailling List <openldap-software@OpenLDAP.org>
- Subject: Re: Unix auth via LDAP & now need to add Samba!
- From: "Mark H. Wood" <mwood@IUPUI.Edu>
- Date: Wed, 1 May 2002 08:51:22 -0500 (EST)
- In-reply-to: <Pine.LNX.4.44.0204301334100.12135-100000@monk.shadlen.org>
[going offtopic]
On Tue, 30 Apr 2002, David Wright wrote:
[snip]
> I don't really see any way around this, if you are going to do
> challenge-response authentication. The server needs the cleartext (or
> equivalent) password in order to use it as salt to hash the challenge, the
> result of which it will compare with the client's response.
No, why would it need the original password? Here's how you do it:

o When account password is set, concatenate with known salt (constant or
  easily calculable from nonsensitive data) and hash the result. Store
  as "hashed password" (let's call this HPS).
o When client requests connection, generate a challenge and send it.
o Client concatenates password given by user with same known salt and
  applies same hash, yielding HPC.
o Client concatenates challenge with HPC and hashes the result, yielding
  "hashed challenge" (HCC). Client sends HCC to server.
o Server concatenates challenge with HPS and hashes the result, yielding
  HCS.
o If HCC == HCS then the probability is very high that the user knows the
  password. Yet the password itself has never been stored.
> Even if there is some neat trick that allows this salt to be stored in
> such a way that the original cleartext cannot be recovered in polynomial
> time, this storage is still a security violation, precisely because you
> can use the salt in that form to successfully authenticate. (It would be
> like a Unix machine accepting the hash of a password for authentication --
> the whole point of hashing would be circumvented since anyone could have
> read that out of /etc/passwd.)
Nope. The "hashed password" is not an acceptable response to the
challenge. And the challenge and response may be further encrypted using
preset out-of-band information, making it difficult even to recover the
challenge. See the Kerberos doc.s for a better explanation. It works.
Further discussion in this vein ought to take place elsewhere.
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".
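
The exchange listed in the message above, with both sides' computations, as an added example that is not part of the original post. SHA-256, the salt value, the 16-byte challenge and all function names are assumptions. The last check in demo() exercises the point raised in the quoted text: whoever can read HPS from the server's store can compute a valid response, so HPS needs the same protection as the password.

```python
import hashlib
import hmac
import secrets

SALT = b"example-realm"  # constructed value; the post only says "known salt"

def h(*parts: bytes) -> bytes:
    # SHA-256 is an assumption; the post does not name a hash function.
    return hashlib.sha256(b"".join(parts)).digest()

def enroll(password: str) -> bytes:
    """Password-set time: compute HPS, the only value the server stores."""
    return h(password.encode(), SALT)

def new_challenge() -> bytes:
    """Server: fresh random challenge for each connection attempt."""
    return secrets.token_bytes(16)

def client_response(password: str, challenge: bytes) -> bytes:
    """Client: HPC from the typed password, then HCC = hash(challenge + HPC)."""
    hpc = h(password.encode(), SALT)
    return h(challenge, hpc)

def server_verify(hps: bytes, challenge: bytes, hcc: bytes) -> bool:
    """Server: HCS = hash(challenge + HPS), compared in constant time."""
    return hmac.compare_digest(h(challenge, hps), hcc)

def response_from_stored(hps: bytes, challenge: bytes) -> bytes:
    """What anyone who has read HPS from the server's store can compute."""
    return h(challenge, hps)

def demo() -> dict:
    hps = enroll("correct horse")  # constructed sample password
    c1, c2 = new_challenge(), new_challenge()
    good = client_response("correct horse", c1)
    return {
        "right_password": server_verify(hps, c1, good),
        "wrong_password": server_verify(hps, c1, client_response("guess", c1)),
        "hps_sent_as_response": server_verify(hps, c1, hps),
        "replayed_on_new_challenge": server_verify(hps, c2, good),
        "computed_from_hps_only": server_verify(hps, c2, response_from_stored(hps, c2)),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```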