[34] in linux-security and linux-alert archive


Re: Shadow Passwords?

daemon@ATHENA.MIT.EDU (Daniel Hollis)
Tue Mar 7 03:57:48 1995

From: dhollis@hq.jcic.org (Daniel Hollis)
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 6 Mar 1995 20:14:35 -0800 (PST)
In-Reply-To: <199503062051.MAA04098@neko.egbt.org> from "Ian A. McCloghrie" at Mar 6, 95 12:51:56 pm
Reply-To: linux-security@tarsier.cv.nrao.edu

> On Mar 6, 1995 Roman Gollent wrote:
> IMHO, the security/cost ratio for shadow passwords is quite low.
> The added benefit of hidden encrypted passwords is relatively small,
> and the hassle of having to hack every package that wants to do
> user authentication before installing it is rather large.  Most linux
> systems are used by a single person, often not on any network at all,
> where the likelihood of having untrustworthy users is quite small.
> Shadow passwords don't buy much on your average linux system.
> (linux systems being used for Internet Service Providing are another
> question entirely, of course).

Indeed. We run an ISP and have around 250 accounts. It doesn't take much 
for an outsider to coerce one of your newbie users to send them a copy of 
/etc/passwd by telling them to "/dcc send dork /etc/passwd" from IRC.

Also when running an ISP there is the issue of untrustworthy users. 
Shadow passwords are mainly for internal security, but will also protect 
you in the example above.

In a related vein, has anyone had experience running identd 
authentication? I have used it successfully to trace down and catch several 
hackers. Of course it requires the other end to be running a real identd that 
doesn't lie, but that number of sites seems to be increasing.

And yes, FYI we do run a real identd server.

-Dan

------------------------------------------------------------------------------
Dan Hollis                | Seiyuu Daisuki! |    mokkori.jcic.org servers:
JCIC System Administrator | Orikasa Ai      | http:LPA-HOWTO     (Linux page)
http://www.jcic.org/      | Yokoyama Chisa  | http:SM.html  (SM Records page)
dhollis@hq.jcic.org       |    (~(^_^)~)    | Ztalk     (Internet voice mail)
------------------------------------------------------------------------------
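
Added example, not part of the original message: a small audit of passwd-format text that shows what a leaked copy of /etc/passwd would expose, by classifying each account's password field. The sample entries and hash strings are constructed, and treating "x" as the shadow marker and skipping NIS "+"/"-" entries are assumptions.

```python
"""Audit passwd-format text for password hashes readable by any local user."""

# Constructed sample in passwd(5) format; hash strings are made-up placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:ab01FAKEHASHxyz:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
guest::1003:100:Guest:/home/guest:/bin/sh
uucp:*:10:14:uucp:/var/spool/uucp:
broken line without colons
"""

def classify(field):
    """Classify the second (password) field of a passwd entry."""
    if field == "":
        return "empty"      # account needs no password at all
    if field == "x":
        return "shadowed"   # assumed marker: real hash lives in the shadow file
    if field.strip("*!") == "":
        return "locked"     # only lock characters, nothing to crack
    return "exposed"        # hash text is in the world-readable file
                            # (a "!"-prefixed hash is locked but still exposed)

def audit(text):
    """Return {category: [usernames]}; bad lines are listed under 'malformed'."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        # Skip blanks, comments, and NIS compat entries (assumption: out of scope).
        if not line.strip() or line[0] in "#+-":
            continue
        parts = line.split(":")
        if len(parts) != 7:
            report.setdefault("malformed", []).append("line %d" % lineno)
            continue
        report.setdefault(classify(parts[1]), []).append(parts[0])
    return report

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:   # e.g. a copy of /etc/passwd
            text = fh.read()
    else:
        text = SAMPLE_PASSWD
    for category, names in sorted(audit(text).items()):
        print("%-9s %s" % (category, ", ".join(names)))
```

Any account reported as "exposed" or "empty" is one whose credentials travel with the file if a user sends it to an outsider.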
