From owner-freebsd-security  Wed Jul  7 18:50:35 1999
Delivered-To: freebsd-security@freebsd.org
Received: from adelphi.physics.adelaide.edu.au (adelphi.physics.adelaide.edu.au [129.127.36.247])
	by hub.freebsd.org (Postfix) with ESMTP id 1D56D14EF1
	for <freebsd-security@freebsd.org>; Wed,  7 Jul 1999 18:50:29 -0700 (PDT)
	(envelope-from kkennawa@physics.adelaide.edu.au)
Received: from bragg (bragg [129.127.36.34])
	by adelphi.physics.adelaide.edu.au (8.8.8/8.8.8/UofA-1.5) with SMTP id LAA25451;
	Thu, 8 Jul 1999 11:20:16 +0930 (CST)
Received: from localhost by bragg; (5.65/1.1.8.2/05Aug95-0227PM)
	id AA14646; Thu, 8 Jul 1999 11:19:56 +0930
Date: Thu, 8 Jul 1999 11:19:56 +0930 (CST)
From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
X-Sender: kkennawa@bragg
To: Ladavac Marino <mladavac@metropolitan.at>
Cc: "'Josef Karthauser'" <joe@pavilion.net>,
	Brian Somers <brian@awfulhak.org>, Mark Thomas <thomas@clark.net>,
	freebsd-security@freebsd.org, Wayne Self <wself@cdrom.com>
Subject: Credential storage (was RE: userland ppp - startup)
In-Reply-To: <55586E7391ACD211B9730000C11002761796DA@r-lmh-wi-100.corpnet.at>
Message-Id: <Pine.OSF.4.10.9907081046500.21412-100000@bragg>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 7 Jul 1999, Ladavac Marino wrote:

> > Hmm... how to do this then?  The sppp setup code in rc.* allows
> > username/password
> > to be specified.  Can it be done in the environment then?  (If rc.conf
> > is visable
> > then the sppp config gives usernames and passwords away as it stands
> > today.)
> 	[ML]  Don't know about sppp, but the only halfway secure way to
> keep this sensitive data is in a file readable by root, and having the
> program which needs it setuid root.  Sounds a lot like
> /etc/ppp/ppp.conf, doesn't it?
> 
> 	The secure way would be not keeping the info at all :)

You know, I wonder if it's time to look at providing a generic credential
storage registry; things like password hashes, PPP shared secrets, etc, could
be stored here instead of in lots of separate files.

So user account passwords could point to a SHA-1 hash in the registry, ppp
shared secrets would point to an NT and/or LM hash, samba accounts could have
an associated NT/LM hash, etc. More than one hash could be associated with any
given entity.

The modules which manipulate individual credentials (hashes) would be
pluggable along the lines of PAM.

What do people think - is this worth pursuing?

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message