Bugtraq mailing list archives
[John Adams: Re: Why are we using priveleged images / state so
From: peiterz () BBN COM (Peiter Zatko)
Date: Mon, 10 Jul 1995 16:50:36 EDT
But then remote administration goes all to hell. Secure external access methods (Skey, SecureID, et al.) could be used to admin the machines remotely, but the initial setup would cost a considerable amount of time.
On a slightly different topic. But since S/Key was mentioned... Almost all of the S/Key packages I've seen have a problem (actually there are a couple of problems with S/Key but the pros still outweigh the cons). The installation sets the /etc/skeykeys file to a world-readable mode (644). This seems to be the case in both Bellcore and Wietse's packages.

Needless to say that on a system using shadowed passwords and having most of their users using S/Key... This defeats the benefits of having a shadowed password system in the first place.

The only thing I see changing this file to a more rational mode (i.e. 600) would break is the keyinfo program. Not much of a loss in my eyes.

PeiterZ
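An added example (not part of the original post): a small shell audit for the permission problem described above. It flags an S/Key database whose mode grants any group or other access and can reset it to 600; the function names are hypothetical, and the default path is the one named in the post.

```shell
#!/bin/sh
# Added example: audit the mode of an S/Key database file.
# Usage: check_skeykeys [path]   (default: /etc/skeykeys, as named in the post)
#        fix_skeykeys   [path]   (sets mode 600, then re-checks)
# Function names are hypothetical and not part of any S/Key package.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if only the owner has access, 1 if any group/other bit is set,
# 2 if the file does not exist.
check_skeykeys() {
    f=${1:-/etc/skeykeys}
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    mode=$(file_mode "$f")
    # Mask 077 selects the group and other digits; the leading 0 makes the
    # shell read the mode as octal. A world-readable 644 leaves 044 here.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED $f mode=$mode"
        return 1
    fi
    echo "OK $f mode=$mode"
    return 0
}

# Tighten the file to the mode suggested in the post (600) and re-check.
# As the post notes, this is expected to break the keyinfo program.
fix_skeykeys() {
    f=${1:-/etc/skeykeys}
    chmod 600 "$f" && check_skeykeys "$f"
}
```
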