Re: Authenticating encrypted passwords

From: Shannon Kelman <shannon.kelman@dont-contact.us>
Date: Fri, 10 Mar 2000 12:56:35 -0600

Changing /etc/shadow perms to 444 is a HORRIBLE idea and ruins one of
the main purposes of /etc/shadow which was to prevent hackers from
grabbing the encrypted passwords to run Crack on. If users are allowed
to login to this box then you should strongly reconsider this method.

Regards,
Shannon Kelman

-------------------
> I had made some test about it,and i found that ncsa_auth program can
recognize the /etc/shadow(however,/etc/passwd is not
> encrypted,it is centainly not be read by auth program.) Please notice
that your should change your /etc/shadow's
> mode(chmod 444 /etc/shadow),then it can be read by your users.

/>riser

Received on Fri Mar 10 2000 - 12:02:07 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:02 MST