Re: root password is not stored in /etc/cipux/

[Christian Kuelker <christian.kuelker@cipworx.org>]

Hi 

I would remind you this thread is about how to establish 
a secure communication with an LDAP server and a program.

On Wednesday 13 December 2006 19:07, RalfGesellensetter wrote:
> The key must not be stored, as it can be reproduced from /proc. Therefor
> you need already to be there. On your local machine, you will get
> another md5sum.

Then tell me how this can be done!

(if anyone can reproduce it from proc it makes no sense)
(if only root can do this, than it is as good as storing it on the disk)

> Am Mittwoch 13 Dezember 2006 15:11 schrieb Christian Kuelker:
> > (3) It must be documented, for the developers.
>
> Yes, but the md5sum will be different on any machine.

And how it can be secured on the machine. SInce it is stored on HD. 
You do not prove till now that is not necessary to store.


> We will increase security when we
> 1. disable any modes of login for root (the root password will lose its
> value then!)

I do not know what will try to tell us with this sentence. 

> 2. refrain from storing _plain_ passwords.

Well if there is a possibillity not to store, then I will not store,
But for every automatic secure communictaion between 2
machines there must be saved a credential on both machines.
You can not establish trust with air. 


Greetings
Christian