Not to mention that 444 allows users to WRITE to /etc/shadow. They wouldn't
have to run crack. Just take out all of the passwords.
----- Original Message -----
From: "Shannon Kelman" <shannon.kelman@usa.alcatel.com>
To: <squid-users@ircache.net>
Sent: Friday, March 10, 2000 12:56 PM
Subject: Re: Authenticating encrypted passwords
> Changing /etc/shadow perms to 444 is a HORRIBLE idea and ruins one of
> the main purposes of /etc/shadow which was to prevent hackers from
> grabbing the encrypted passwords to run Crack on. If users are allowed
> to login to this box then you should strongly reconsider this method.
>
> Regards,
> Shannon Kelman
>
> -------------------
> > I had made some tests about it, and I found that the ncsa_auth program can
> > recognize /etc/shadow (however, /etc/passwd is not
> > encrypted, it is certainly not read by the auth program). Please notice
> > that you should change your /etc/shadow's
> > mode (chmod 444 /etc/shadow), then it can be read by your users.
>
> />riser
>
>
Received on Fri Mar 10 2000 - 12:21:11 MST
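
A way to audit the exposure discussed in this thread, as an added example that is not part of the original messages: it decodes the permission string of a shadow-style file and reports what users outside the owner and group can do. The helper names `audit_shadow_mode` and `demo_mode` are hypothetical, and the temporary files and the 640/600 comparison modes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the mode of a shadow-style file.
# audit_shadow_mode and demo_mode are hypothetical helper names.

# Print findings for FILE and return:
#   0 = no access for "other", 1 = world-readable,
#   2 = world-writable,        3 = file cannot be examined
audit_shadow_mode() {
    file=$1
    # ls -ld is POSIX; the first 10 characters look like -r--r--r--
    # (file type, then owner, group and other triplets).
    perms=$(ls -ld -- "$file" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || { echo "$file: cannot stat"; return 3; }
    group=$(printf '%s' "$perms" | cut -c5-7)
    other=$(printf '%s' "$perms" | cut -c8-10)
    rc=0
    case $other in
        r*) echo "$file ($perms): world-readable, any local user can copy the hashes"; rc=1 ;;
    esac
    case $other in
        ?w*) echo "$file ($perms): world-writable, any local user can alter entries"; rc=2 ;;
    esac
    case $group in
        r*) echo "$file ($perms): group-readable, check who is in the owning group" ;;
    esac
    [ "$rc" -ne 0 ] || echo "$file ($perms): no access for other"
    return "$rc"
}

# Constructed demo: create a temp file with MODE and return the audit result.
demo_mode() {
    tmp=$(mktemp) || return 3
    chmod "$1" "$tmp"
    st=0
    audit_shadow_mode "$tmp" || st=$?
    rm -f "$tmp"
    return "$st"
}

demo_mode 444 || :   # the mode proposed in the thread
demo_mode 640 || :   # constructed comparison: owner plus one group
demo_mode 600 || :   # constructed comparison: owner only
```

On a live system the same function can be pointed at the real file, for example `audit_shadow_mode /etc/shadow`.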