From owner-freebsd-arch Mon May 28 23:53:57 2001 Delivered-To: freebsd-arch@freebsd.org Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27]) by hub.freebsd.org (Postfix) with ESMTP id F309737B422 for ; Mon, 28 May 2001 23:53:53 -0700 (PDT) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1]) by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id QAA14512; Tue, 29 May 2001 16:53:51 +1000 (EST) Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au (PMDF V5.2-32 #37641) with ESMTP id <01K45639W00GVF92ZY@cim.alcatel.com.au>; Tue, 29 May 2001 16:53:38 +1000 Received: (from jeremyp@localhost) by gsmx07.alcatel.com.au (8.11.1/8.11.1) id f4T6rce13260; Tue, 29 May 2001 16:53:39 +1000 (EST envelope-from jeremyp) Content-return: prohibited Date: Tue, 29 May 2001 16:53:38 +1000 From: Peter Jeremy Subject: Re: PAM, S/Key and authentication schemes. In-reply-to: <200105290602.f4T62A654885@gratis.grondar.za>; from mark@grondar.za on Tue, May 29, 2001 at 08:04:27AM +0200 To: Mark Murray Cc: arch@FreeBSD.ORG Mail-Followup-To: Mark Murray , arch@FreeBSD.ORG Message-id: <20010529165338.I89950@gsmx07.alcatel.com.au> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.2.5i References: <20010528174728.A39588@xor.obsecurity.org> <200105290602.f4T62A654885@gratis.grondar.za> Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 2001-May-29 08:04:27 +0200, Mark Murray wrote: >> > The only danger area I can see is the need to check root password to >> > get to single-user if the console is not secure. This needs to work >> > even if (and especially when) the system is hosed. I wouldn't like to >> > see init become dependent on the dynamic loader and various PAM >> > libraries in this case. >> >> We also compile all of the PAM modules included in the base system >> into a static libpam which allows statically-linked binaries to work, >> up to a point (they won't work if the system administrator tries to >> use a third-party PAM module) > >I'll stay out of the static stuff as long as I can for exactly this >reason. Init(8) will be especially left alone. :-) Which means that somewhere there needs to be a note that if your console is marked 'insecure' then /etc/master.passwd must contain a root password that crypt(3) can understand (irrespective of how eg login(1) might authenticate a root login attempt). Otherwise, someone is sure to get bitten. The init(8) man page is one possibility, but I'm not sure it's the obvious place to look when you discover you're locked out of single-user mode. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message