From owner-freebsd-security  Thu Mar 25 10:37:23 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP id 9A07B14BFF
	for <freebsd-security@FreeBSD.ORG>; Thu, 25 Mar 1999 10:37:22 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id KAA00989;
	Thu, 25 Mar 1999 10:36:55 -0800 (PST)
	(envelope-from dillon)
Date: Thu, 25 Mar 1999 10:36:55 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199903251836.KAA00989@apollo.backplane.com>
To: James Wyatt <jwyatt@RWSystems.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Kerberos vs SSH
References:  <Pine.BSF.4.05.9903250926290.23152-100000@kasie.rwsystems.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


:
:On Thu, 25 Mar 1999, Matthew Dillon wrote:
:	[ ... ]
:>     are still vulnerable.  You can get into the account just fine without 
:>     exposing a password, but once in the account if you need to type a
:>     password of any sort in to do something else, *that* password is
:>     vulnerable to interception.
:
:especially sudo and su... - Jy@

    We used sudo for a little while 3 years ago, but I decided that it was
    too big a security risk and wiped it.  sudo is one of the stupidest
    programs I've ever seen.
    
					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message