Re: root password is not stored in /etc/cipux/
Christian Kuelker wrote:
> On Tuesday 12 December 2006 10:20, you wrote:
>> [Christian Kuelker]
>>
>>> I would not store the (posix) root password on disk.
>>> I would store the database password, because to let this in
>>> the hand of teachers is even more dangerous.
>> With the LDAP admin password on disk it is trivial to create a new
>> root user in LDAP, and use it to log in to all the machines using the
>> LDAP database in their PAM and NSS setup.
>
> You must be root to see that password. The user will not see it.
>
> But in fact if you are the root of tjener you can create new accounts in the
> LDAP too because the passwords are identical and you can use slapadd or
> whatever to build a new LDAP database. So there is no difference (except
> difficulty) between the LDAP root and posix root.
>
> So what you try to say is that the chmod 700 and chown root:root are not
> working?
>
> uid=root is not a cipux account and can not be changed by cipux
>
>> So having the LDAP admin
>> password give a person more power than having the root password of a
>> single machine.
>
> No, see above. The root of the LDAP machine can also enlarge his
> power.
>
>> If the users with access to editing the LDAP
>> directory should not have full access to the LDAP directory,
>
> They have not, because the commands of the RPC server are limited.
>
> But if the access for the cn=cipuxadmin user can be restricted with LDAP
> ACLs in a sophisticated way, that is ok.
>
> The basic problem will remain. User X (teacher) wants to change the password of
> user Y (pupil).
>
> So you can administrate LDAP ACLs for X if you want. But it is practically not
> doable for teachers to tweak the ACLs. So this is why user Z (cn=cipuxadmin)
> has the right to change the password of Y on behalf of X.
>
>> I suspect
>> we need to find a way to store the password in memory instead of on
>> the disk.
>
> ok, how can that be implemented?
>
> But this isn't really more secure under Linux.
>
>>> But why you store the cn=smbadmin in clear text on disk? Which is
>>> again the root password.
>> This sounds bad. I believed the smbadmin password was a random key
>> only giving access to the SMB part of the ldap directory. If this is
>> not so, we need to review that procedure.
>
> Well this is on every woody and sarge system the case.
No, this is not the case. The smbadmin password is set by the script
/usr/bin/samba-debian-edu-admin, with these lines:
# Generate Samba_passwd
SMBPW=$(/usr/bin/makepasswd)
# Generate Crypted password
CRYPTPW=$(/usr/sbin/slappasswd -u -s $SMBPW)
# Stop openldap
/etc/init.d/slapd stop
# Stop nscd
/etc/init.d/nscd stop
# Add smbadmin user to ldap db
cat << EOF | /usr/sbin/slapadd
dn: $BASEDN
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: smbadmin
description: Samba Administrator
userPassword: $CRYPTPW
EOF
smbadmin is allowed to add/edit these attributes:
sambaLMPassword
sambaNTPassword
objectClass
cn
uid
uidNumber
gidNumber
homeDirectory
loginShell
sambaSID
sambaPrimaryGroupSID
displayName
sambaPwdCanChange
sambaPwdMustChange
sambaPwdLastSet
sambaAcctFlags
sambaGroupType
sambaPasswordHistory
--
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642
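As an added illustration, not taken from the thread or from the Debian Edu packages, this is what a slapd.conf access rule confining cn=smbadmin to exactly the attributes listed above could look like; the base DN dc=example,dc=org is a placeholder for the $BASEDN the script does not spell out.

```conf
# Added example, not the Debian Edu configuration: slapd.conf ACL that
# grants cn=smbadmin write access only to the attributes listed in the
# message above. dc=example,dc=org stands in for $BASEDN (assumption).
# slapd applies the first "access to" clause that matches an attribute,
# so the specific rules must come before the catch-all at the end.

# Samba password hashes: smbadmin may set them, nobody may read them back.
access to attrs=sambaLMPassword,sambaNTPassword,sambaPasswordHistory
        by dn.exact="cn=smbadmin,dc=example,dc=org" write
        by * none

# Remaining Samba and account attributes smbadmin maintains.
# Review note for the defender: objectClass, uid and uidNumber are on this
# list, so this rule alone still lets smbadmin reshape existing entries;
# adding new entries additionally needs write access to the parent's
# "children" pseudo-attribute, which this configuration does not grant.
access to attrs=objectClass,cn,uid,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaPrimaryGroupSID,displayName,sambaPwdCanChange,sambaPwdMustChange,sambaPwdLastSet,sambaAcctFlags,sambaGroupType
        by dn.exact="cn=smbadmin,dc=example,dc=org" write
        by users read
        by * none

# Everything else (userPassword, mail, ...) is off limits to smbadmin;
# ordinary users keep the usual self-write / authenticated-read rights.
access to *
        by dn.exact="cn=smbadmin,dc=example,dc=org" none
        by self write
        by users read
        by * none
```

Whether the first matching clause really is the one you intended can be checked with `slapacl` against a test DN before reloading slapd.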