[pptp-server] libsmbpw.so vs chap-secrets

Gill, Vern vgill at technologist.com
Fri Mar 23 12:33:36 CST 2001


Are the following statements true or false:

1) Using libsmbpw.so in conjunction with pppsmb.pat patch will force a
client to send their password encrypted.
False.
You would need to have the mschap auth in your options to force the
client to send an encrypted password.
The smbpasswd patch and co. only allow you to not store plain text
passwords on your system.

2) Using only chap-secrets without authenticating from smbpasswd will
force a client to send their password plain-text.
False.
See above...

3) Forcing an encrypted password from the client will force pptpd to
decrypt it before authenticating with chap-secrets.
I don't think so. This may be dependent upon your "password backend".
Anyone else wanna pipe in here...

4) My password flies across the vast Internet cloud plain text when I
use chap-secrets vs SMB password-encryption authentication.
Again, I think it is not SENT plain text, just stored locally plain
text...

I do like plugging up that libsmbpw blank username/password thing by
using chap-secrets instead - but not at the expense of sending my
passwords plain-text for others to snag.  Should I be worried?
I think you are fine with using the smbpasswd patch. But, if you
don't feel comfortable with it then I think you are still fine. I
don't think the password is transmitted plain text, only stored as
such.

Anyone else wanna back me up, or shoot me down?



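The "sent" versus "stored" distinction discussed in this message, as an added example that is not part of the original post or of pptpd/pppd: it uses standard CHAP with MD5 (RFC 1994), not the MS-CHAP variant, and the chap-secrets style line, user name and secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import shlex

# Constructed chap-secrets style line (client, server, secret, allowed IPs).
CHAP_SECRETS_LINE = 'alice pptpd "correct horse battery" *'


def stored_secret(line: str, user: str) -> bytes:
    """Return the cleartext secret the server keeps for `user`."""
    client, _server, secret, *_ = shlex.split(line)
    if client != user:
        raise KeyError(user)
    return secret.encode()


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def server_verify(user: str, ident: int, challenge: bytes, response: bytes) -> bool:
    """Recompute the digest from the stored cleartext and compare."""
    expected = chap_response(ident, stored_secret(CHAP_SECRETS_LINE, user), challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    typed = b"correct horse battery"          # what the client user enters
    ident, challenge = 1, os.urandom(16)      # server sends a fresh challenge
    response = chap_response(ident, typed, challenge)
    # Fields an eavesdropper sees (simplified, not exact PPP framing).
    on_wire = bytes([ident]) + challenge + b"alice" + response
    return {
        "accepted": server_verify("alice", ident, challenge, response),
        "secret_on_wire": typed in on_wire,
        # The same response replayed against a new challenge must fail.
        "replay_accepted": server_verify("alice", 2, os.urandom(16), response),
        "wrong_password": server_verify(
            "alice", ident, challenge, chap_response(ident, b"guess", challenge)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The server can only recompute the digest because it holds the secret in cleartext, which is why a chap-secrets file stores passwords unhashed even though only the digest crosses the link.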
