SYSKEY2. Request For Comments
jeremy at valinux.com
Mon Feb 7 12:17:50 GMT 2000
>
> phil, this isn't about root being trusted or untrusted. it's about making
> sure that only root can decode a password stored in a location in a
> publicly accessible file.
>
>
> On Sat, 5 Feb 2000, Phil Mayers wrote:
>
> > I'm afraid I agree. If you don't trust root, then you're screwed. If
> > someone gets a root shell on the machine, you're deader than corduroy.
> > They can essentially do anything, hence it adds no real security, just
> > puts another step in the way.

But passwords should *never* be stored in a publicly accessible
file - not even obfuscated!

Remember, the original UNIX system had hashed passwords
stored in /etc/passwd. This was ok - because it was estimated
that it was computationally impossible to attack the hash....
WRONG! Faster processors made it possible within a decade or
so. Solution - put the passwords in a *ROOT READ ONLY* file,
/etc/shadow.

We need to do the same. Any further obfuscation is unneeded.

Luke - just because NT does it doesn't mean it is a good
idea. Don't code this up. If you do it'll be a waste of
your efforts as it will not go into a stable release.

If the key is stored off machine in some way then that's a
different matter, as that actually does add some security.
It would, however, mean that human intervention is needed
to restart Samba on a machine. Every time (no unattended boots).

Remember the famous quote (can't remember who said it originally :-).

"Those who do not understand UNIX are doomed to re-invent
it, badly" :-).

Cheers,
Jeremy.