[367] in Hesiod


Re: secure information?

daemon@ATHENA.MIT.EDU (David E. Cross)
Fri Jan 16 23:32:56 1998

Date: Fri, 16 Jan 1998 23:31:46 -0500 (EST)
From: "David E. Cross" <dec@phoenix.its.rpi.edu>
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: "Aidan Cully [Staff]" <aidan@panix.com>, hesiod@MIT.EDU
In-Reply-To: <199801170412.XAA00989@dcl.MIT.EDU>

On Fri, 16 Jan 1998, Theodore Y. Ts'o wrote:

>    Date: Fri, 16 Jan 1998 17:22:48 -0500
>    From: "Aidan Cully [Staff]" <aidan@panix.com>
> 
>    Just recently started working on using Hesiod for a library I'm building
>    which will resolve the identity of a user on the other end of a socket
>    based on incoming origin (e-mail me privately if you're interested..  It
>    is based on some of my News Gizmo code)..  The problem I have right now
>    is how to restrict access to secure information so that only "good folk"
>    can get it?  I'm talking about stuff like .passwd and .uid entries, .group
>    entries that we don't want anyone outside of our networks to see.  Is
>    there any way to do this with Hesiod's BIND base, or will I have to screw
>    with BIND?
> 
> BIND is really designed to distribute public data, and the same is true
> for Hesiod.  
> 
> Note that it's also trivially easy to poison the DNS cache with
> incorrect data, so be careful before using the .group information to
> decide whether or not someone is allowed to actually access some file.
> Storing information which is security sensitive in Hesiod really isn't a
> wonderful idea... (that's why we use Kerberos to actually do the
> authentication, and our NFS servers actually enforce user and group
> ownership based on Kerberos authentication.  The same is true for AFS,
> of course.)


Forgive me for being so vague... but in BIND 4.9.x and BIND8.x there are
options to allow one to restrict who may access records based on IP
addresses and/or network addresses.  It is not 100%, but it is much better
than the whole world approach.

--
David Cross
UNIX Systems Administrator
GE Corporate R&D
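An added illustration of the BIND 8 mechanism David refers to (not configuration from the list or from MIT's Hesiod setup): a named.conf fragment with the "whole world" default beside a version that limits queries for the Hesiod zone to local networks. It assumes the Hesiod data lives in a class HS zone called ns.example.edu and that 128.113.0.0/16 is the site's network; both are made-up placeholders.

```conf
// Constructed example: BIND 8 named.conf fragment (not from the original message).
// An address list we can refer to by name; the prefix is a placeholder.
acl "campus" {
    127.0.0.1;
    128.113.0.0/16;
};

options {
    directory "/var/named";
    // Server-wide default: anyone on the Internet may query anything.
    // This is the "whole world approach" for every zone that does not override it.
    allow-query { any; };
};

// Weak setting: the Hesiod zone inherits allow-query { any; }, so .passwd, .uid
// and .group records are readable by any host that can reach the server.
// zone "ns.example.edu" hs {
//     type master;
//     file "ns.example.edu.zone";
// };

// Corrected setting: only the campus networks may query the Hesiod zone.
// Other clients get REFUSED instead of the records.
zone "ns.example.edu" hs {
    type master;
    file "ns.example.edu.zone";
    allow-query { campus; };
    // Also keep zone transfers off the public Internet; the same data leaks via AXFR.
    allow-transfer { campus; };
};
```

Note that this is source-address filtering only; it does nothing about the cache-poisoning issue Ted raises, so a client must still not treat a .group answer as proof of anything beyond the network it arrived from.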
