[tech] Getting mooneye to be a NIS slave

Grahame Bowland gbowland at ucc.gu.uwa.edu.au
Sat Sep 30 20:52:30 WST 2000


On Fri, Sep 29, 2000 at 12:57:29AM +1100, David Luyer wrote:
> 
> > > But other people can look into our network there and maybe get passwd crypts?
> > 
> > Assuming it's set up sanely (yes I know) then nobody outside of that network
> > will be able to get any data from the server. If they are on that network, 
> > then they can just get the raw passwords as they fly by.
> 
> Not for SSH.
> 
> The NIS possibility to steal raw crypts is a problem cokeauth solved years
> ago which was exactly the reason it was developed :-)  However UCC lacked
> people with the motivation to hack successive systems to support it.

Coke auth just gives a remote program the salt, that program does the crypt, 
and sends it over, and then the coke server answers whether it matches or not? 
Then you can still get the crypts by watching the network, and observing 
the server responses.

So doesn't it just make it harder rather than fixing the problem?

Cheers,
Grahame




More information about the tech mailing list