[tech] Getting mooneye to be a NIS slave
Grahame Bowland
gbowland at ucc.gu.uwa.edu.au
Sat Sep 30 20:52:30 WST 2000
On Fri, Sep 29, 2000 at 12:57:29AM +1100, David Luyer wrote:
>
> > > But other people can look into our network there and maybe get passwd crypts?
> >
> > Assuming it's set up sanely (yes I know) then nobody outside of that network
> > will be able to get any data from the server. If they are on that network,
> > then they can just get the raw passwords as they fly by.
>
> Not for SSH.
>
> The NIS possibility to steal raw crypts is a problem cokeauth solved years
> ago which was exactly the reason it was developed :-) However UCC lacked
> people with the motivation to hack successive systems to support it.
Coke auth just gives a remote program the salt, that program does the crypt,
and sends it over, and then the coke server answers whether it matches or not?
Then you can still get the crypts by watching the network, and observing
the server responses.
So doesn't it just make it harder rather than fixing the problem?
Cheers,
Grahame
More information about the tech
mailing list