unified authentication
Jason Stone
freebsd-security at dfmm.org
Wed Sep 24 23:10:57 PDT 2003
> > Well, it's worse than that - since the packets are not authenticated in
> > any way, an active attacker doesn't need to crack passwords - he can just
> > inject his own packets which can have crypted passwords that he knows.
>
> Which is why I use NIS with Kerberos - the passwords aren't in the NIS
> maps and injected fake users won't be authenticated by Kerberos.
Okay, but I can still set jason's uid the same as tillman's and then use
his dot-files to alias his ssh to a trojan. Or set jason's uid to zero....
-Jason
--------------------------------------------------------------------------
Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
that he was insufficiently fondled when he was an infant.
-- Ashley Montagu
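Added example (not part of the original message): a check for the two cases raised above, a network-served account that shares a uid with another account or that carries uid 0. The map contents, the account names other than jason and tillman, and the function names are constructed for illustration; in practice the inputs would be the local passwd file and the output of `ypcat passwd`.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) format: name:pw:uid:gid:gecos:home:shell
LOCAL = """\
root:*:0:0:Charlie &:/root:/bin/csh
tillman:*:1001:1001:Tillman:/home/tillman:/bin/sh
"""
NIS_MAP = """\
jason:*:1001:1002:Jason:/home/jason:/bin/sh
alice:*:1003:1003:Alice:/home/alice:/bin/sh
toor2:*:0:0:injected:/tmp:/bin/sh
tillman:*:1005:1001:Tillman:/home/tillman:/bin/sh
"""

def parse(text):
    """Yield (name, uid) pairs, skipping blank, comment and malformed lines."""
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def audit(local_text, nis_text):
    """Return sorted (name, reason) findings for entries served by the network map."""
    local = dict(parse(local_text))
    nis = list(parse(nis_text))
    owners = defaultdict(set)  # uid -> every account name that claims it
    for name, uid in list(local.items()) + nis:
        owners[uid].add(name)
    findings = set()
    for name, uid in nis:
        others = owners[uid] - {name}
        if uid == 0:
            # Superuser identity must never come from an unauthenticated map.
            findings.add((name, "uid 0 served from network map"))
        elif others:
            # Same uid means same file ownership, including dot-files.
            findings.add((name, "uid %d shared with %s" % (uid, ",".join(sorted(others)))))
        if name in local and local[name] != uid:
            findings.add((name, "shadows local account, uid %d != %d" % (uid, local[name])))
    return sorted(findings)

if __name__ == "__main__":
    for name, reason in audit(LOCAL, NIS_MAP):
        print(name, "-", reason)
```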