[tech] Getting mooneye to be a NIS slave

David Luyer david_luyer at pacific.net.au
Sat Sep 30 21:45:19 WST 2000


> Coke auth just gives a remote program the salt, that program does the crypt, 
> and sends it over, and then the coke server answers whether it matches or not? 
> Then you can still get the crypts by watching the network, and observing 
> the server responses.

You can't request the crypt from a system on the network under cokeauth.

Someone who hacked mermaid could instantly list all crypts via NIS.
Or even without hacking it if we're not running secured NIS (ypcat shadow
anyone? :-).

> So doesn't it just make it harder rather than fixing the problem?

It means even a root compromise doesn't instantly give you a full crypt list.

Even SSH only "makes things harder".  Just that "harder" in the SSH case is
"hard enough to give NSA a headache".

David.
-- 
----------------------------------------------
David Luyer
Senior Network Engineer
Pacific Internet (Aust) Pty Ltd
Phone:  +61 3 9674 7525
Fax:    +61 3 9699 8693
Mobile: +61 4 1064 2258, +61 4 1114 2258
http://www.pacific.net.au        NASDAQ: PCNTF
<< fast 'n easy >>
----------------------------------------------





