!== !== Passwords.txt for Samba release 2.2.0-alpha3 24 Mar 2001 !== Contributor: Unknown Date: Updated April 19th 1999. Status: Current Subject: NOTE ABOUT PASSWORDS ============================================================================= Unix systems use a wide variety of methods for checking the validity of a password. This is primarily controlled with the Makefile defines mentioned in the Makefile. Also note that some clients (notably WfWg) uppercase the password before sending it. The server tries the password as it receives it and also after lowercasing it. The Samba server can also be configured to try different upper/lowercase combinations. This is controlled by the [global] parameter "password level". A level of N means to try all combinations up to N uppercase characters in the password. A high value can chew a fair bit of CPU time and can lower the security of your system. Do not use this options unless you really need it - the time taken for password checking can become so high that clients time out. If you do use the "password level" option then you might like to use -DUFC_CRYPT in your Makefile. On some machine this makes password checking _much_ faster. This is also useful if you use the @group syntax in the user= option. If your site uses AFS (the Andrew File System), you can use the AFS section in the Makefile. This will first attempt to authenticate a username and password to AFS. If that succeeds, then the associated AFS rights will be granted. Otherwise, the password checking routine falls back to whatever Unix password checking method you are using. Note that the AFS code is only written and tested for AFS 3.3 and later. SECURITY = SERVER or DOMAIN =========================== Samba can use a remote server to do its username/password validation. This allows you to have one central machine (for example a NT box) control the passwords for the Unix box. See the section on "security =" in smb.conf(5) for details.