From owner-freebsd-isp Sun Apr 20 00:52:00 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA10205 for isp-outgoing; Sun, 20 Apr 1997 00:52:00 -0700 (PDT) Received: from phobos.illtel.denver.co.us (abelits@phobos.illtel.denver.co.us [207.33.75.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA10199; Sun, 20 Apr 1997 00:51:55 -0700 (PDT) Received: from localhost (abelits@localhost) by phobos.illtel.denver.co.us (8.8.5/8.6.9) with SMTP id AAA02880; Sun, 20 Apr 1997 00:53:04 -0700 Date: Sun, 20 Apr 1997 00:53:04 -0700 (PDT) From: Alex Belits To: "Kevin P. Neal" cc: Vinay Bannai , freebsd-hackers@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: Re: Need a common passwd file among machines In-Reply-To: <1.5.4.32.19970420072729.00975ec4@mindspring.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sun, 20 Apr 1997, Kevin P. Neal wrote: > At 11:05 PM 4/19/97 -0700, Alex Belits wrote: > >P.S. Is there any existing thing or at least an idea of making one that > >does this thing nicer? NIS is based on rather dumb idea that to > >authenticate local user one will want to go to some server and ask him > >instead of IMHO more sane approach of distributing authentication > >information from that server to always perform authentication locally and > >never depend on some host being accessible at the time of user's login. > > This doesn't scale. > > Well, not really. Distribution of password files doesn't take the amount of resources any close to what remote authentication does, whatever is the scale. NIS does caching, but it's done in insecure manner. > At NCSU they use Hesiod+Kerberos to handle logins. This way they don't have > to keep I don't know how many hundred or thousand machines /etc/passwd files > current. > > Also, they don't have passwords going on the wire in the clear -- the passwords > are handled in a safe manner by Kerberos. ssh does that, and helps to avoid dreaded xhost, too -- for some reason I never was able to make users use xauth other way than sending something really awful to their X terminal, like large number of xeyes or blinking root window. > Along with this is the fact that > passwords are *never* stored on client machines -- a security bonus. > > This is much saner than distributing /etc/passwd files everywhere, IMHO. Having password file at the local box can't be a security problem -- the level of brokenness that is necessary to access shadow password file is as high as necessary to make kerberos useless, and if passwords are chosen in more or less sane manner ("fascist" password checker) even that isn't a direct security threat. Kerberos is vulnerable to denial of service attack or plain network problems, but distributing passwords can be only delayed by such things with no direct threat for already configured users. -- Alex