Re: Isn't it a security hole...
At 05:01 PM 8/14/96 +0200, you wrote:
>
>...the attribute readable for others in case of the file /etc/passwd?
>
>Recently my debian system was cracked by several pirates. They have
>account name and the password widely broadcasted on an IRC channel. The
>only way, as I guess, they grabbed root's privileges was free access to
>/etc/passwd.
>Is there a free and debianized shadow-password package?
Make sure you take good steps to ensure your security - for example, when a
user changes passwords on my network it won't let them change it to a
dictionary word, must have uppercase letters, and at least 1 numeral in it.
(that's the way I installed Debian 1.1 anyway - by default it does this I
think as long as you install a dictionary).
There certainly is a debian shadow password package... Check the
project/experimental directory - be forewarned though, it's exactly that --
experimental :-) I however have run it fine and it does seem to work
(though I'm not using it now because I reformatted).
...Karl
--
Karl Ferguson,
Tower Networking Pty Ltd (ACN: 072 322 760) karl@tower.net.au
t/a STAR Online Services karl@debian.org
Tel: +61-9-455-3446 Fax: +61-9-455-2776 http://www.star.net.au/
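
An added example, not part of the original message or of any Debian package: a small audit of a passwd(5)-format file that flags accounts whose password field still holds a hash (or is empty) instead of the `x` placeholder that shadow passwords leave there. The sample entries, hash strings and function names are constructed for illustration.

```python
import os
import stat

# Constructed sample in passwd(5) format; the hash strings are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
alice:Ab3dEfGh1jKlM:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
carol:!Zz9yXwVu8tSrQ:1002:1002:Carol:/home/carol:/bin/bash
"""

def classify(pw_field):
    """Classify the second field of a passwd entry."""
    if pw_field == "x":
        return "shadowed"          # hash lives in the shadow file
    if pw_field == "":
        return "empty"             # account has no password at all
    if pw_field.lstrip("!*") == "":
        return "locked"            # only lock markers, no hash present
    # Anything else is a hash, even behind a "!" lock prefix:
    # the file is readable by every local user, so the hash is exposed.
    return "hash-in-passwd"

def audit_passwd(text):
    """Return (line number, user, finding) for every entry needing attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, None, "malformed"))
            continue
        state = classify(fields[1])
        if state in ("empty", "hash-in-passwd"):
            findings.append((lineno, fields[0], state))
    return findings

def readable_by_others(path):
    """True if the 'other' read bit is set; the shadow file should return False."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    for lineno, user, state in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {user}: {state}")
```

On a real system, pass the contents of `/etc/passwd` to `audit_passwd` and call `readable_by_others` on the shadow file.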