I am looking at the NetUserSetInfo
method. It can take a USER_INFO_21
structure that allows me to pass in a "one-way encrypted LAN Manager 2.x-compatible password". I think this means a HMAC-MD5 hash.
The class System.Security.Cryptography.HMACMD5 can create one of these hashes, but it needs a key (or shared secret) for that class to work.
Where would this secret be stored? How can I get it?
I am writing this in managed code (C#), but I have no problems making pinvoke calls to make this happen.
Thanks in advance for your help!
[Background info in case you are interested: I am creating a mobile application that I would like to be able to merge the users of that app (Stored in a database) and the users on a Windows 2003 Machine (for integration of a 3rd party app).
One other constraint I am trying to work with is keeping passwords from being passed from the client app to my server in clear text.]
Bump