[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: root password is not stored in /etc/cipux/

Christian Kuelker skrev:
> On Tuesday 12 December 2006 10:20, you wrote:
>> [Christian Kuelker]
>>> I would not store the (posix) root password on disk.
>>> I would store the database password, because to let this in
>>> the hand of teachers is even more dangerous.
>> With the LDAP admin password on disk it is trivial to create a new
>> root user in LDAP, and use it to log in to all the machines using the
>> LDAP database in their PAM and NSS setup. 
> You must be root to see that password. The user will not see it.
> But in fact if you are the root of tjener you can create new accounts in the 
> LDAP  too because the passwords are identical and you can use slapadd or 
> whatever to build a new LDAP database. So there is no difference (except 
> difficulty) between the LDAP root and posix root.
> So what you try to say is that the chmod 700 and chown root:root are not 
> working?
> uid=root is not a cipux account and can not be changed by cipux
>> So having the LDAP admin 
>> password give a person more power than having the root password of a
>> single machine.  
> no see above. The root of the machine of the LDAP can enlarge his
> power also.
>> If the users with access to editing the LDAP 
>> directory should not have full access to the LDAP directory, 
> They have not, because the commandos of the RPC server are limited.
> But if the access for the cn=cipuxadmin user may restricted with LDAP
> ACL in a sophisticated way, that is ok.
> The basic problem will remain. User X (teacher) want to change the password of 
> user Y (pupil). 
> So you can administrate LDAP ACL for X if you want. But It is practically not 
> duable for teachers to tweek the ACL. So this is why user Z (cn=cipuxadmin)
> has the right of doing the change of a password for Y in behalf of X.
>> I suspect 
>> we need to find a way to store the password in memory instead of on
>> the disk.
> ok, how can that be implemented? 
> But this isn't really more secure under Linux.
>>> But why you store the cn=smbadmin in clear text on disk? Which is
>>> again the root password.
>> This sounds bad.  I belived the smbadmin password was a random key
>> only giving access to the SMB part of the ldap directory.  If this is
>> not so, we need to review that procedure.
> Well this is on every woody and sarge system the case.

No, this is not the case. the smbadmin password is set by the script
/usr/bin/samba-debian-edu-admin, with these lines:
# Generate Samba_passwd

# Generate Crypted password
CRYPTPW=$(/usr/sbin/slappasswd -u -s $SMBPW)

# Stop openldap
/etc/init.d/slapd stop

# Stop nscd
/etc/init.d/nscd stop

# Add smbadmin user to ldap db
cat << EOF | /usr/sbin/slapadd
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: smbadmin
description: Samba Administrator
userPassword: $CRYPTPW


smbadmin is allowed to add/edit these attributes:

Finn-Arne Johansen
faj@bzz.no http://bzz.no/
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642

Reply to: