Date:      Sun, 20 Apr 1997 00:53:04 -0700 (PDT)
From:      Alex Belits <abelits@phobos.illtel.denver.co.us>
To:        "Kevin P. Neal" <kpneal@pobox.com>
Cc:        Vinay Bannai <vinay@agni.nuko.com>, freebsd-hackers@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject:   Re: Need a common passwd file among machines
Message-ID:  <Pine.LNX.3.95.970420002959.834E-100000@phobos.illtel.denver.co.us>
In-Reply-To: <1.5.4.32.19970420072729.00975ec4@mindspring.com>

On Sun, 20 Apr 1997, Kevin P. Neal wrote:

> At 11:05 PM 4/19/97 -0700, Alex Belits wrote:
> >P.S. Is there any existing thing, or at least an idea of making one, that
> >does this thing nicer? NIS is based on the rather dumb idea that to
> >authenticate a local user one will want to go to some server and ask it,
> >instead of the IMHO more sane approach of distributing authentication
> >information from that server, always performing authentication locally and
> >never depending on some host being accessible at the time of the user's login.
> 
> This doesn't scale.
> 
> Well, not really.

  Distribution of password files doesn't take an amount of resources anywhere
close to what remote authentication does, whatever the scale. NIS does
caching, but it's done in an insecure manner.

> At NCSU they use Hesiod+Kerberos to handle logins. This way they don't have
> to keep I don't know how many hundred or thousand machines' /etc/passwd files
> current.
> 
> Also, they don't have passwords going on the wire in the clear -- the passwords
> are handled in a safe manner by Kerberos.

  ssh does that, and helps to avoid the dreaded xhost, too -- for some
reason I was never able to make users use xauth any other way than by sending
something really awful to their X terminal, like a large number of xeyes or
a blinking root window.

> Along with this is the fact that
> passwords are *never* stored on client machines -- a security bonus.
> 
> This is much saner than distributing /etc/passwd files everywhere, IMHO.

  Having a password file on the local box can't be a security problem --
the level of brokenness that is necessary to access the shadow password file
is as high as is necessary to make Kerberos useless, and if passwords are
chosen in a more or less sane manner ("fascist" password checker) even that
isn't a direct security threat. Kerberos is vulnerable to denial of
service attacks or plain network problems, but distributing passwords can
only be delayed by such things, with no direct threat to already
configured users.

--
Alex