unified authentication

Jason Stone freebsd-security at dfmm.org
Wed Sep 24 23:10:57 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> > Well, it's worse than that - since the packets are not authenticated in
> > any way, an active attacker doesn't need to crack passwords - he can just
> > inject his own packets which can have crypted passwords that he knows.
>
> Which is why I use NIS with Kerberos - the passwords aren't in the NIS
> maps and injected fake users won't be authenticated by Kerberos.

Okay, but I can still set jason's uid the same as tillman's and then use
his dot-files to alias his ssh to a trojan.  Or set jason's uid to zero....


 -Jason

 --------------------------------------------------------------------------
 Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
 that he was insufficiently fondled when he was an infant.
	-- Ashley Montagu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE/cobvswXMWWtptckRAjboAJ9Tce8Ut/0Wl8PFYdGF3bn5LAe+8wCdH/Y5
Ml4lVzqto18/4OKPZUIAhZU=
=IxMK
-----END PGP SIGNATURE-----


More information about the freebsd-security mailing list