Subject: Re: pseudo-shadowing of passwords with ypserv?
To: Keith Moore <moore@cs.utk.edu>
From: Ignatios Souvatzis <is@jocelyn.rhein.de>
List: tech-net
Date: 10/07/1998 20:48:12
On Tue, Oct 06, 1998 at 05:55:56PM -0400, Keith Moore wrote:
> > Let me (at least partially) object: making the occasional screen
> > lock program fail, is a security problem, too. What do xlock{,more} do? lock?
> 
> these definitely have to be considered.  but it seems that on most platforms
> that support shadow passwords, xlock and similar programs have to be able to 
> run set-uid anyway. if they run set-uid then they should get privileged
> ports and the server will return the encrypted passwords.

Oh. Right. ok.

Although I think I saw some variant of "rexec to localhost" sort of test, in
some program.

	-is