[276] in linux-security and linux-alert archive
Re: Secure Distributed Password System?
daemon@ATHENA.MIT.EDU (alex)
Thu Jul 6 16:17:50 1995
Date: Wed, 5 Jul 1995 13:16:57 -0400 (EDT)
From: alex <alex@bach.cis.temple.edu>
To: Alan Cox <iialan@iifeak.swan.ac.uk>
cc: Rob Hardy <robert@aurora.carleton.ca>, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0sTOwQ-00013gC@iiit.swan.ac.uk>
On Wed, 5 Jul 1995, Alan Cox wrote:
> > Security Concerns:
> > packet sniffing
> > clients can't be trusted with whole password file
> > clients are booting via bootp
> > clients are diskless
^^^^^^^^^^^^^^^^^^^^^^^^^
> > Basically I want the security that shadow gives over the net.
> > Is this possible with linux currently and does anyone know how do I do it?
>
> Kerberos - you've basically listed all the major points of it 8).
Assuming that clients are diskless and/or there are Xterminals or just
terminals attached to the network, I think that Kerberos is not a
solution because:
a) Bootp protocol is not Kerberos aware, i.e. it is subject to
spoofing
b) During the login procedure a packet sniffer will pick up a password
Best wishes,
Alex
============================================================================
Alexander O. Yuriev Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA
PGP Key: 1024/ADF3EE95 Fingerprint: AB4FE7382C3627BC 6934EC2A2C05AB62
Unless otherwise stated, everything above is my personal opinion and not an
opinion of any organisation affiliated with me.
=============================================================================