Bugtraq mailing list archives
Re: Digital Unix 4 protected password database.
From: jmorgan () dircon co uk (Jon Morgan)
Date: Wed, 10 Mar 1999 09:10:18 -0000
And as noted, you do need root to run the program. But if you are root you don't really need it. A simple Perl script or even simpler shell script will do. Normally the /tcb/files/ tree is owned by auth.auth and not world readable. But, um, if you're root all bets are off anyway. You don't actually need the passwords.
The one thing that a lot of people miss with Digital UNIX is that when you use Enhanced Security in conjunction with NIS, the entire "protected" password subsystem is available as the NIS map prpasswd. This contains, amongst other things, the password hash value. Then your perl or sh script can just harvest these trivially. Why you want to run a C2 secure system and then use NIS is beyond me, but at least it gives you nifty password controls... The one thing that CAN cause problems is that Digital UNIX can use nonstandard hash algorithms (bigcrypt(), crypt16() and C1crypt()) as well as the normal crypt(). Not only does this make coding slightly complicated (as you have to get the correct hash algorithm, but when a password is created within an Enhanced Security environment that is over eight characters in length, another password round is created AFTER the original to contain the rest of the password. This doesn't make things impossible, just difficult - Digital kindly provide a set of system calls to do most of this for you. -jon. -- Jon Morgan <jmorgan () dirconspam co uk> Speaking for myself. nihil illegitemi carborvndvm ____________________
Current thread:
- Re: More Internet Explorer zone confusion Oliver Lineham (Mar 08)
- <Possible follow-ups>
- Re: More Internet Explorer zone confusion iversen (Mar 08)
- WinFreez.c Delmore (Mar 05)
- The FPSC-IRCD.txt advisory syg FPSC (Mar 07)
- Digital Unix 4 protected password database. James Clement (Mar 08)
- Re: Digital Unix 4 protected password database. Chris Johnson (Mar 09)
- Re: Digital Unix 4 protected password database. Jon Morgan (Mar 10)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 10)
- Re: Digital Unix 4 protected password database. Keith Piepho (Mar 10)
- Re: Digital Unix 4 protected password database. Solar Designer (Mar 13)
- Default password in Bay Networks switches. Jan B. Koum (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Igor Sviridov (Mar 11)
- Re: Default password in Bay Networks switches. Rolf Obrecht (Mar 12)
- Re: The FPSC-IRCD.txt advisory Bjarni R. Einarsson (Mar 09)
- Windows NT Screen Saver Vulnerability Aleph One (Mar 09)