Re: Authenticating encrypted passwords

From: daizhuan <dzarm@dont-contact.us>
Date: Fri, 10 Mar 2000 17:21:42 +0800

----- Original Message -----
From: Martin Brooks <martin@gointernet.co.uk>
To: daizhuan <dzarm@iini.net>
Cc: <penna@kaizen.com.br>; <squid-users@ircache.net>
Sent: Friday, March 10, 2000 4:16 PM
Subject: Re: Authenticating encrypted passwords

> > daizhuan wrote:
> > Please notice that your should
> > change your /etc/shadow's mode(chmod 444 /etc/shadow),then it can be
> > read by your users.
> >
> > /riser
>
> Please note that doing what this chap suggests is a huge security hole.
> You're effectively bypassing the entire point of using shadow password
> in the first place. I strongly recommend that you do not do what is
> suggested.
>
> --
>
> Martin Brooks, Systems Administrator
> martin@gointernet.co.uk
> ---------------------------
> Go Internet Ltd
> 36 Gloucester Avenue
> NW1 7BB London UK
> Phone +44-(0)20-7419 0001
> Fax +44-(0)20-7419 6519

Thank you for your suggestion,I also know that it is a security hole.So I will not use it in the real world.And I
also want to suggest all not using this method to do the auth .
Maybe we can create another passwd file by which we can still make our authentication.
Received on Fri Mar 10 2000 - 02:44:05 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:01 MST