
Re: non-root password lookups?



On Mon, Jan 18, 1999 at 11:48:59AM -0500, J. S. Connell wrote:
> On 18 Jan 1999, Martin Bialasinski wrote:
> 
> > I heard on Solaris you have a daemon, which takes username/password
> > and tells you if the combination is OK.
> 
> rpc.pwdauthd.  Nice idea, but Linux doesn't have (as far as I am aware) any
> kind of a credentials mechanism so you know you're talking to a _real_
> rpc.pwdauthd and not some fake daemon some s|<r1pt kiddie is running.  (I'm
> vague on the exact mechanism involved, but I seem to recall reading about
> it on either BUGTRAQ or linux-kernel recently.)
> 

Can you explain what the problem with an auth daemon is?  If there was a daemon
listening on a system port then why couldn't local processes be sure that it
is the real thing (since it's the same machine anyway - if a skript kiddie can
fake the daemon running on a system port then he has root anyway)?  What am I
missing?

Thanks,

Chris

-- 

----------------------------------------------------------------------
The box said "Windows 95, NT or better" .. so I installed Debian Linux
----------------------------------------------------------------------
Reply with subject 'request key' for PGP public key.  KeyID 0xA9E087D5
