[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: root password is not stored in /etc/cipux/

On Tuesday 12 December 2006 10:20, you wrote:
> [Christian Kuelker]
> > I would not store the (posix) root password on disk.
> > I would store the database password, because to let this in
> > the hand of teachers is even more dangerous.
> With the LDAP admin password on disk it is trivial to create a new
> root user in LDAP, and use it to log in to all the machines using the
> LDAP database in their PAM and NSS setup. 

You must be root to see that password. The user will not see it.

But in fact if you are the root of tjener you can create new accounts in the 
LDAP  too because the passwords are identical and you can use slapadd or 
whatever to build a new LDAP database. So there is no difference (except 
difficulty) between the LDAP root and posix root.

So what you try to say is that the chmod 700 and chown root:root are not 

uid=root is not a cipux account and can not be changed by cipux

> So having the LDAP admin 
> password give a person more power than having the root password of a
> single machine.  

no see above. The root of the machine of the LDAP can enlarge his
power also.

> If the users with access to editing the LDAP 
> directory should not have full access to the LDAP directory, 

They have not, because the commandos of the RPC server are limited.

But if the access for the cn=cipuxadmin user may restricted with LDAP
ACL in a sophisticated way, that is ok.

The basic problem will remain. User X (teacher) want to change the password of 
user Y (pupil). 

So you can administrate LDAP ACL for X if you want. But It is practically not 
duable for teachers to tweek the ACL. So this is why user Z (cn=cipuxadmin)
has the right of doing the change of a password for Y in behalf of X.

> I suspect 
> we need to find a way to store the password in memory instead of on
> the disk.

ok, how can that be implemented? 

But this isn't really more secure under Linux.

> > But why you store the cn=smbadmin in clear text on disk? Which is
> > again the root password.
> This sounds bad.  I belived the smbadmin password was a random key
> only giving access to the SMB part of the ldap directory.  If this is
> not so, we need to review that procedure.

Well this is on every woody and sarge system the case.


Reply to: