Allow Samba not to store the NT Hash
Allows Samba to be deployed at sites that will not, eg due to FIPS and similar security requirements, store an unsalted hash.
-
based on 'ntlm auth = disabled' consistent with behaviour of
lanman auth = no
historically. -
Builds on !2410 (closed) which was harder than it should have been, and took most of the time :-(
-
No password history, other than the previous password and previous previous, is stored, as that data structure uses the NT hash itself, so unsafe.
-
Tests for password change and similar tests run in not ad_dc_no_ntlm environment to test.
-
Plaintext password from a simple bind handled by comparison to the AES256 key.
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
(optional) This MR is just one part towards a larger feature. -
(optional, if backport required) Bugzilla bug filed and BUG:
tag added -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated -
CI timeout is 3h or higher (see Settings/CICD/General pipelines/ Timeout)
Reviewer's checklist:
-
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to README.Coding.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code
Edited by Andrew Bartlett