Re: root password is not stored in /etc/cipux/
Christian Kuelker skrev:
> On Tuesday 12 December 2006 10:20, you wrote:
>> [Christian Kuelker]
>>> I would not store the (posix) root password on disk.
>>> I would store the database password, because to let this in
>>> the hand of teachers is even more dangerous.
>> With the LDAP admin password on disk it is trivial to create a new
>> root user in LDAP, and use it to log in to all the machines using the
>> LDAP database in their PAM and NSS setup.
> You must be root to see that password. The user will not see it.
> But in fact if you are the root of tjener you can create new accounts in the
> LDAP too because the passwords are identical and you can use slapadd or
> whatever to build a new LDAP database. So there is no difference (except
> difficulty) between the LDAP root and posix root.
> So what you try to say is that the chmod 700 and chown root:root are not
> uid=root is not a cipux account and can not be changed by cipux
>> So having the LDAP admin
>> password give a person more power than having the root password of a
>> single machine.
> no see above. The root of the machine of the LDAP can enlarge his
> power also.
>> If the users with access to editing the LDAP
>> directory should not have full access to the LDAP directory,
> They have not, because the commandos of the RPC server are limited.
> But if the access for the cn=cipuxadmin user may restricted with LDAP
> ACL in a sophisticated way, that is ok.
> The basic problem will remain. User X (teacher) want to change the password of
> user Y (pupil).
> So you can administrate LDAP ACL for X if you want. But It is practically not
> duable for teachers to tweek the ACL. So this is why user Z (cn=cipuxadmin)
> has the right of doing the change of a password for Y in behalf of X.
>> I suspect
>> we need to find a way to store the password in memory instead of on
>> the disk.
> ok, how can that be implemented?
> But this isn't really more secure under Linux.
>>> But why you store the cn=smbadmin in clear text on disk? Which is
>>> again the root password.
>> This sounds bad. I belived the smbadmin password was a random key
>> only giving access to the SMB part of the ldap directory. If this is
>> not so, we need to review that procedure.
> Well this is on every woody and sarge system the case.
No, this is not the case. the smbadmin password is set by the script
/usr/bin/samba-debian-edu-admin, with these lines:
# Generate Samba_passwd
# Generate Crypted password
CRYPTPW=$(/usr/sbin/slappasswd -u -s $SMBPW)
# Stop openldap
# Stop nscd
# Add smbadmin user to ldap db
cat << EOF | /usr/sbin/slapadd
description: Samba Administrator
smbadmin is allowed to add/edit these attributes: