While Unix authentication has been in use for decades, including the use of telnet and rlogin access across the Internet, it embodies well-known security risks. Plaintext passwords are sent over the Internet and can be retrieved from TCP packets by malicious snoopers. However, if you feel that your network is secure and you wish to use standard Unix /etc/passwd authentication for all clients, you can do so, but you must disable encrypted passwords on those Windows clients that default to using them.
In order to do this, you must modify the Windows registry by installing two files on each system. Depending on the platform involved, the files are either NT4_PlainPassword.reg or Win95_PlainPassword.reg. You can perform this installation by copying the appropriate .reg file from the Samba distribution's /docs directory to a DOS floppy, and running it from the Run menu item on the client's Start Menu button. Incidentally, the Windows 95 .reg file works fine on Windows 98 as well.
After you reboot the machine, the client will not encrypt its hashed passwords before sending them to the server. This means that the plaintext-equivalent passwords can be seen in the TCP packets that are broadcast across the network. Again, we encourage you not to do this unless you are absolutely sure that your network is secure.
If passwords are not encrypted, you can indicate as much in your Samba configuration file:
[global]
security = user
encrypt passwords = no
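The setting above is easy to lose track of in a large smb.conf, so the following added example (not from the book or from the Samba project) parses an smb.conf body and reports whether the [global] section leaves clients sending plaintext-equivalent passwords. Both sample configurations are constructed for this example; the parser follows Samba's own rules that parameter names are case-insensitive and ignore embedded whitespace, and that booleans may be written as yes/no, true/false, on/off or 1/0. Because the default for "encrypt passwords" has differed between Samba releases, a configuration that does not set it at all is reported as "unspecified" rather than guessed.

```python
"""Audit an smb.conf [global] section for plaintext password settings."""
import re

# Constructed sample configurations (not taken from any Samba distribution).
WEAK_SMB_CONF = """\
; plaintext-equivalent passwords will cross the network with this setting
[global]
   workgroup = EXAMPLE
   security = user
   Encrypt Passwords = no

[homes]
   browseable = no
"""

HARDENED_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   security = user
   encrypt passwords = yes
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
PARAM_RE = re.compile(r"^(?P<key>[^=;#]+?)\s*=\s*(?P<value>.*)$")


def parse_smb_conf(text):
    """Return {section: {normalized_key: value}} for an smb.conf body.

    Section names and parameter names are lower-cased and parameter names
    have all whitespace removed, so 'Encrypt Passwords' and
    'encrypt passwords' land on the same key, as Samba treats them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        # Samba comments are whole lines starting with ';' or '#'.
        if not line or line[0] in ";#":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().lower()
            sections.setdefault(current, {})
            continue
        m = PARAM_RE.match(line)
        if m and current is not None:
            key = re.sub(r"\s+", "", m.group("key")).lower()
            sections[current][key] = m.group("value").strip()
    return sections


def samba_bool(value, default):
    """Interpret a Samba boolean; unknown spellings fall back to default."""
    v = value.strip().lower()
    if v in ("yes", "true", "on", "1"):
        return True
    if v in ("no", "false", "off", "0"):
        return False
    return default


def audit_password_settings(text):
    """Classify the password handling declared in [global].

    status is one of:
      'plaintext'   - encrypt passwords = no; plaintext-equivalent passwords
                      can be read from captured TCP packets
      'encrypted'   - encrypt passwords = yes
      'unspecified' - not set; the effective value is the default of the
                      Samba release in use, so it should be set explicitly"""
    glob = parse_smb_conf(text).get("global", {})
    raw = glob.get("encryptpasswords")
    if raw is None:
        status = "unspecified"
    elif samba_bool(raw, True):
        status = "encrypted"
    else:
        status = "plaintext"
    return {"status": status, "security": glob.get("security")}


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        print(name, audit_password_settings(conf))
```

Run it against a real smb.conf by reading the file into a string and passing it to audit_password_settings; a "plaintext" result is the condition the text above warns about, and "unspecified" is worth resolving by writing the parameter out explicitly.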