Date:      Wed, 24 Sep 2003 23:10:55 -0700 (PDT)
From:      Jason Stone <freebsd-security@dfmm.org>
To:        freebsd-security@freebsd.org
Subject:   Re: unified authentication
Message-ID:  <20030924230228.K55021@walter>
In-Reply-To: <20030924191807.D18252@seekingfire.com>
References:  <bks9kq$46u$1@sea.gmane.org> <20030924122724.V31322@localhost> <200309241555.30825.jesse@wingnet.net> <20030924153355.T55021@walter> <20030924191807.D18252@seekingfire.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > Well, it's worse than that - since the packets are not authenticated in
> > any way, an active attacker doesn't need to crack passwords - he can just
> > inject his own packets which can have crypted passwords that he knows.
>
> Which is why I use NIS with Kerberos - the passwords aren't in the NIS
> maps and injected fake users won't be authenticated by Kerberos.

Okay, but I can still set jason's uid the same as tillman's and then use
his dot-files to alias his ssh to a trojan.  Or set jason's uid to zero....


 -Jason

 --------------------------------------------------------------------------
 Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
 that he was insufficiently fondled when he was an infant.
	-- Ashley Montagu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE/cobvswXMWWtptckRAjboAJ9Tce8Ut/0Wl8PFYdGF3bn5LAe+8wCdH/Y5
Ml4lVzqto18/4OKPZUIAhZU=
=IxMK
-----END PGP SIGNATURE-----
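
A defensive check for the UID manipulation described in this message, added here as an example and not part of the original post: it compares a passwd-format map as a client received it (for example the output of `ypcat passwd`) against a locally trusted name-to-UID baseline. The account names come from the message; the UIDs, the baseline and the sample map are constructed, and `parse_passwd` and `audit` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample data: a trusted baseline kept on the client, and a
# passwd map as received over the network with jason's uid altered.
BASELINE = {"root": 0, "jason": 1001, "tillman": 1002}
RECEIVED_MAP = """\
root:*:0:0:Charlie &:/root:/bin/csh
jason:*:1002:1002:Jason:/home/jason:/bin/sh
tillman:*:1002:1002:Tillman:/home/tillman:/bin/sh
"""

def parse_passwd(text):
    """Return {name: uid} from passwd-format lines (name:pw:uid:...)."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue  # comments and +/- compat markers carry no uid
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # not a usable account entry
        users[fields[0]] = int(fields[2])
    return users

def audit(map_text, baseline):
    """List (kind, subject) findings for a received map vs. the baseline."""
    findings = []
    by_uid = defaultdict(list)
    for name, uid in parse_passwd(map_text).items():
        by_uid[uid].append(name)
        if uid == 0 and name != "root":
            findings.append(("uid0", name))          # second superuser
        if name not in baseline:
            findings.append(("unknown_user", name))  # account never provisioned
        elif baseline[name] != uid:
            findings.append(("uid_changed", name))   # identity remapped
    for names in by_uid.values():
        if len(names) > 1:                           # two names, one identity
            findings.append(("shared_uid", tuple(sorted(names))))
    return sorted(findings)

if __name__ == "__main__":
    for kind, subject in audit(RECEIVED_MAP, BASELINE):
        print(kind, subject)
```

Kerberos does not appear in this check because the finding is about authorization data: the kernel enforces file ownership by UID, so a remapped UID matters even when the password exchange is sound.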


