Re: Authenticating encrypted passwords

From: Robert L. Huffstedtler <rob@dont-contact.us>
Date: Fri, 10 Mar 2000 14:30:16 -0600

DOH! Several people pointed out that I was obviously on crack when I wrote
the quoted message. Perfect example of why one should not attempt to
communicate with anyone when they are exhausted. I won't even attempt to
explain the new math I used to come up with my fallacious answer.

----- Original Message -----
From: "Robert L. Huffstedtler" <rob@system-x.com>
To: "Shannon Kelman" <shannon.kelman@usa.alcatel.com>;
<squid-users@ircache.net>
Sent: Friday, March 10, 2000 1:24 PM
Subject: Re: Authenticating encrypted passwords

> Not to mention that 444 allows users to WRITE to /etc/shadow. They wouldn't
> have to run crack. Just take out all of the passwords.
>
> ----- Original Message -----
> From: "Shannon Kelman" <shannon.kelman@usa.alcatel.com>
> To: <squid-users@ircache.net>
> Sent: Friday, March 10, 2000 12:56 PM
> Subject: Re: Authenticating encrypted passwords
>
>
> > Changing /etc/shadow perms to 444 is a HORRIBLE idea and ruins one of
> > the main purposes of /etc/shadow which was to prevent hackers from
> > grabbing the encrypted passwords to run Crack on. If users are allowed
> > to login to this box then you should strongly reconsider this method.
> >
> > Regards,
> > Shannon Kelman
> >
> > -------------------
> > > I had made some tests about it, and I found that ncsa_auth program can
> > > recognize the /etc/shadow (however, /etc/passwd is not encrypted, it is
> > > certainly not be read by auth program.) Please notice that you should
> > > change your /etc/shadow's mode (chmod 444 /etc/shadow), then it can be
> > > read by your users.
> >
> > />riser
> >
> >
>
Received on Fri Mar 10 2000 - 13:28:13 MST
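
The permission question debated in this thread, as an added example that is not from any of the posters: a Python check that decodes the mode bits of a shadow-style file and reports what each mode exposes to ordinary local users. The temporary file, its fake locked entry and the function names are constructed for illustration.

```python
import os
import stat
import tempfile


def mode_findings(perms):
    """Describe what these permission bits expose on a shadow-style file."""
    findings = []
    if perms & stat.S_IROTH:
        findings.append("world-readable: any local user can copy the password hashes")
    if perms & stat.S_IWOTH:
        findings.append("world-writable: any local user can alter or blank entries")
    if perms & stat.S_IWGRP:
        findings.append("group-writable: group members can alter or blank entries")
    return findings


def audit(path):
    """Return (octal mode string, findings) for the file at path."""
    perms = stat.S_IMODE(os.stat(path).st_mode)
    return oct(perms), mode_findings(perms)


def demo():
    """Audit a constructed stand-in for /etc/shadow under three modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shadow.sample")
        with open(path, "w") as handle:
            # Constructed entry: "!" marks a locked account, no real hash.
            handle.write("demo:!:11026:0:99999:7:::\n")
        for perms in (0o444, 0o640, 0o600):
            os.chmod(path, perms)
            results[perms] = audit(path)
    return results


if __name__ == "__main__":
    for shown, findings in demo().values():
        print(shown, findings or ["no exposure to ordinary users"])
```

Pointing `audit()` at the real `/etc/shadow` on a host gives the same report for the live file.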
