[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Three indepentantly stored admin passwords; a bug or a feature?

onsdag 3. mars 2004, 19:38, skrev Rune Nordbøe Skillingstad:
> On 2004-03-03 19:31:32+0100, Herman Robak wrote:
> : Having unsynchronised admin passwords for Webmin and LDAP
> : is fraught with problems.  Once inside Webmin, the admin
> : should be authenticated well enough for the tasks that
> : can be performed through Webmin.
> I fully agree that unsyncronized password are a bad thing. I just want to
> make sure that root _NEVER_ is authenticated directly against ldap. That
> would be a big problem if ldap dies.
> Some kind of replication from /etc/passwd to ldap should be posible to
> make.
> Rune(sk)
> --
> «I came out of it dead broke, without a house, without anything except a
> girlfriend and a knowledge of Unix.» «Well, that's something. Normally
> those two are mutually exclusive»
>  - Neal Stephenson, Cryptonomicon

Just wondering: 
What is the rationale for allowing the root-password into the LDAP-database in 
the first place? 
I mean; this _is_ a "publicly" available catalog-server which is (more or 
less) likely to contain undisclosed  exploits (though it's not been an issue 
for Skolelinux this far).

Gjermund Skogstad

Reply to: