Re: Authenticating encrypted passwords

From: Robert L. Huffstedtler <rob@dont-contact.us>
Date: Fri, 10 Mar 2000 13:24:28 -0600

Not to mention that 444 allows users to WRITE to /etc/shadow. They wouldn't
have to run crack. Just take out all of the passwords.

----- Original Message -----
From: "Shannon Kelman" <shannon.kelman@usa.alcatel.com>
To: <squid-users@ircache.net>
Sent: Friday, March 10, 2000 12:56 PM
Subject: Re: Authenticating encrypted passwords

> Changing /etc/shadow perms to 444 is a HORRIBLE idea and ruins one of
> the main purposes of /etc/shadow which was to prevent hackers from
> grabbing the encrypted passwords to run Crack on. If users are allowed
> to login to this box then you should strongly reconsider this method.
>
> Regards,
> Shannon Kelman
>
> -------------------
> > I had made some test about it, and I found that ncsa_auth program can
> > recognize the /etc/shadow (however, /etc/passwd is not encrypted, it is
> > certainly not be read by auth program.) Please notice that you should
> > change your /etc/shadow's mode (chmod 444 /etc/shadow), then it can be
> > read by your users.
>
> />riser
>
>
Received on Fri Mar 10 2000 - 12:21:11 MST
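
An added example, not part of the thread or of Squid: a check that decodes a shadow-style file's permission bits and reports which non-owner classes can read or write it. It runs on a constructed temporary file (the name `shadow.sample` and its one entry are made up), never on the real /etc/shadow.

```python
import os
import stat
import tempfile

# (permission bit, short finding name, what it means for a password-hash file)
CHECKS = [
    (stat.S_IROTH, "other-read", "any local user can copy the hashes and crack them offline"),
    (stat.S_IWOTH, "other-write", "any local user can alter or blank the hashes"),
    (stat.S_IRGRP, "group-read", "members of the file's group can read the hashes"),
    (stat.S_IWGRP, "group-write", "members of the file's group can alter the hashes"),
]


def audit_mode(mode):
    """Return the finding names whose permission bit is set in mode."""
    return [name for bit, name, _ in CHECKS if mode & bit]


def audit_file(path):
    """Stat a file and report its symbolic mode plus non-owner access findings."""
    st = os.stat(path)
    return {"mode": stat.filemode(st.st_mode), "findings": audit_mode(st.st_mode)}


def demo():
    """Audit one constructed sample file under three different modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shadow.sample")  # constructed stand-in file
        with open(path, "w") as fh:
            # Constructed entry; the hash field is a placeholder, not a real hash.
            fh.write("alice:$1$constructed$placeholder:11000:0:99999:7:::\n")
        for mode in (0o444, 0o640, 0o600):
            os.chmod(path, mode)
            results[oct(mode)] = audit_file(path)
    return results


if __name__ == "__main__":
    explain = {name: text for _, name, text in CHECKS}
    for octal, report in demo().items():
        print(octal, report["mode"])
        for name in report["findings"]:
            print("   ", name + ":", explain[name])
```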
