[149] in Info-AFS_Redistribution
Re: authentication database vs. /etc/passwd ...
daemon@ATHENA.MIT.EDU (nydick@pookie.psc.edu)
Mon Jun 17 12:42:39 1991
To: cball@bu-it.bu.edu
Cc: Info-AFS@transarc.com
In-Reply-To: Your message of Mon, 17 Jun 91 08:45:48 -0400.
Reply-To: nydick@psc.edu
Date: Mon, 17 Jun 91 11:41:37 EDT
From: nydick@pookie.psc.edu

What do you do when some local hacker figures out that he can
change any uninitialized Kerberos password? I can't think of a way to
allow login to automatically change a Kerberos password without either
allowing unauthenticated password changes at least some of the time,
or compiling an administrative password of some sort into the login
program (which in that case must either be on the local workstations
or world-readable in AFS, thus allowing access to the password). I
suppose if you have sufficiently secure local workstations you might
be able to reasonably put a password in login, but I wouldn't be
comfortable with it.
-Dan
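The policy problem Dan describes, modelled as an added example (not code from the original message, and not Kerberos or AFS code): an in-memory "authentication database" where an uninitialized entry can be claimed by whoever asks first, beside an assumed mitigation in which an administrator hands the user a one-time, expiring bootstrap token out of band, so the first password set is authenticated without embedding an admin password in login. Names, the token scheme and the sample accounts are constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample database. pw_hash None means "uninitialized";
# bootstrap holds (sha256(token), expiry) once an admin issues a token.
ACCOUNTS = {
    "alice": {"pw_hash": None, "bootstrap": None},
    "bob": {"pw_hash": None, "bootstrap": None},
}

def _h(s):
    return hashlib.sha256(s.encode()).hexdigest()

def set_initial_password_unsafe(db, principal, new_pw):
    """The policy in the message: any uninitialized entry may be set by
    anyone, so the first caller (legitimate or not) owns the account."""
    acct = db[principal]
    if acct["pw_hash"] is not None:
        return False
    acct["pw_hash"] = _h(new_pw)
    return True

def issue_bootstrap_token(db, principal, ttl, now=None):
    """Admin-side: mint a single-use token bound to one principal, valid
    for ttl seconds, delivered to the user out of band (assumed design)."""
    now = time.time() if now is None else now
    token = secrets.token_hex(16)
    db[principal]["bootstrap"] = (_h(token), now + ttl)
    return token

def set_initial_password_safe(db, principal, token, new_pw, now=None):
    """Login-side: the first password set is accepted only with a live,
    matching token; no admin credential lives in the login program."""
    now = time.time() if now is None else now
    acct = db[principal]
    issued = acct["bootstrap"]
    if acct["pw_hash"] is not None or issued is None:
        return False
    tok_hash, expires = issued
    if now > expires or not secrets.compare_digest(tok_hash, _h(token)):
        return False
    acct["bootstrap"] = None  # single use: a replayed token fails
    acct["pw_hash"] = _h(new_pw)
    return True
```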