Subject: Re: pseudo-shadowing of passwords with ypserv?
To: Keith Moore <moore@cs.utk.edu>
From: David Holland <dholland@cs.toronto.edu>
List: tech-security
Date: 10/08/1998 18:47:06
> > rdist over ssh? It's not quite drop-in, but it's pretty easy to set up.
> > (would be nice to get some out-of-the-box support for it though sometime.)
>
> Copying the passwd file to all hosts doesn't scale very well
> for even moderate numbers of users or hosts.
Even a 10,000 user password file is well under a megabyte. Keeping
this on each machine just doesn't strike me as a particularly large
problem. And that's generally considered a large number of users.
Updating it to a couple of hundred machines *might* saturate the
network for a few minutes at 5 am or some other time nobody's doing
anything critical. If you use rsync, it wouldn't take even that.
> It's also a pain
> to keep all of the password files current in the presence of host
> and network failures,
This is precisely what rdist is for.
> and to deal with each system's different
> way of storing shadow password files.
And this is a couple of small awk scripts.
> And we'd still need
> something like yppasswd (with something better than "privileged
> ports" for authentication) to let people change their passwords.
% cat /usr/local/bin/passwd
#!/bin/sh
exec ssh centralhost "passwd $*"
Salt to taste.
> > Nothing anyone does to YP will ever really be more than a bandaid.
>
> granted. If I had the luxury of replacing all of the "login" programs
> on all of the systems, I'd start with Kerberos and work up from there.
> Meanwhile, a bandaid would do a lot to thwart this very common kind of
> attack.
Kerberos is far from an ideal solution itself.
--
- David A. Holland | (please continue to send non-list mail to
dholland@cs.utoronto.ca | dholland@hcs.harvard.edu. yes, I moved.)