RE: mac client password changes

From: paul Carcary (Paul@Lacewood.co.uk)
Date: 12/20/01 

From: paul Carcary <Paul@Lacewood.co.uk>
To: "'Laura A. Robinson'" <larobins@bellatlantic.net>, paul Carcary <Paul@Lacewood.co.uk>, focus-ms@securityfocus.com
Date: Thu, 20 Dec 2001 09:08:36 -0000

Hi

No, the passwords are not stored with reversible encryption, this is very
much a "Vanilla" installation.

This occurs when the 42 day timer expires, it also occurs where a client
opts to change passwords without being prompted.

Thanks

Paul

-----Original Message-----
From: Laura A. Robinson [mailto:larobins@bellatlantic.net]
Sent: 19 December 2001 19:09
To: paul Carcary; focus-ms@securityfocus.com
Subject: Re: mac client password changes

How are the passwords being stored in the domain? Is reversible encryption
being used?

Laura
----- Original Message -----
From: "paul Carcary" <Paul@Lacewood.co.uk>
To: <focus-ms@securityfocus.com>
Sent: Wednesday, December 19, 2001 10:44 AM
Subject: mac client password changes

> Hi
>
> I remember a recent odd posting regarding renaming 2000 user accounts and
> then being able to log in using either name
>
> I found another oddity, this time with passwords.....
>
> Running 2000 Active Directory with mixed 2000 Pro and MAC clients,
password
> expiry is enforced.
>
> When a 2000 client changes the password all works exactly as expected
> When a MAC client changes the password all appears to work as expected,
> except that the client can then use either the old or the new password to
> login
>
> This "dual password" works from either a MAC or 2000 client, (if a 2000
> client changes a password you only get one password)
>
> Anyone seen this ?
>
> There is only one domain controller for this domain.
>
> Any thoughts ?
>
> Regards
>
> Paul Carcary
>
> MCSE-W2K, CNE5, CNE4, ASE, CSE, CCNA, CCDA
>