[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: non-root password lookups?

On Mon, Jan 18, 1999 at 10:36:35AM +0100, Martin Bialasinski wrote:
> What use would shadow passwords have, if a unprivileged user can query 
> them?

Well...then the query is at your control - and if you make a single query take
a full second (or more) then it will take a very long time to brute force
anything (and thats assuming there is no logging).
> I heared on Solaris you have a daemon, which takes username/password
> and tells you if the combination is OK.

Ahh....that sounds interesting....I'll have to reaserch into that idea.




The box said "Windows 95, NT or better" .. so I installed Debian Linux
Reply with subject 'request key' for PGP public key.  KeyID 0xA9E087D5

Reply to: