Re: [leafnode-list] Question regarding authentification
Michael Faurot wrote:
> Cornelius Krasel <krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> : While dealing with Mark Brown's authinfo patch, I wrote an extension for
> : the nntpd which allows authinfo based on the contents of /etc/passwd and
> : /etc/shadow -- or so I thought. Obviously, the nntpd cannot access the
> : shadowed password file since it does not run as the superuser but as
> : user "news" instead. Therefore, I am curious as to what your opinion is.
> : I see at least the following possibilities:
>
> : 1) Ignoring authentication based on /etc/shadow
>
> : 2) Let the nntpd run on UID (or GID) 0
>
> : 3) Have its own user/password file which is readable by news:news
>
> : What do you think?
>
> Why not write a separate SUID program that could be called by nntpd?
I don't think this is a good idea because it overrides the additional
security provided by /etc/shadow. Any other program will be able to
call this suid program as well, and therefore there is no point in
using /etc/shadow any more.
--Cornelius.
--
/* Cornelius Krasel, U Wuerzburg, Dept. of Pharmacology, Versbacher Str. 9 */
/* D-97078 Wuerzburg, Germany email: phak004@xxxxxxxxxxxxxxxxxxxxxx SP4 */
/* "Science is the game we play with God to find out what His rules are." */
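
Option 3 from the quoted question (a separate user/password file readable by news:news) keeps nntpd unprivileged, provided the daemon checks the file's owner and mode before trusting it. The C code below is an added example, not leafnode's code and not part of the original message; the function names, the `user:hash` line format and the sample file are assumptions, and comparing the stored hash with the submitted password (for instance with crypt(3)) is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Assumed format: one "user:hash" entry per line (hypothetical, not leafnode's). */
/* Open only a regular file owned by `owner`, closed to "other", not group-writable. */
int open_auth_file(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    /* fstat the descriptor, not the path, so the check and the read use the same file */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IRWXO | S_IWGRP))) {
        close(fd);
        return -1;
    }
    return fd;
}
/* Copy the hash stored for `user` into out; returns 0 if found, -1 otherwise. */
int lookup_hash(int fd, const char *user, char *out, size_t outlen)
{
    char line[256];
    size_t ulen = strlen(user);
    FILE *fp = fd < 0 ? NULL : fdopen(fd, "r");
    if (!fp) return -1;
    while (fgets(line, sizeof line, fp)) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strncmp(line, user, ulen) == 0 && line[ulen] == ':' &&
            strlen(line + ulen + 1) < outlen) {
            strcpy(out, line + ulen + 1);
            fclose(fp);
            return 0;
        }
    }
    fclose(fp);
    return -1;
}
/* Writes a constructed sample file (made-up users and hashes) with the given mode. */
int write_sample(const char *path, mode_t mode)
{
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fputs("alice:$6$constructed$hashA\nbob:$6$constructed$hashB\n", fp);
    fclose(fp);
    return chmod(path, mode);
}
```

A file written with mode 0644 is rejected, while the same file with mode 0640 and the expected owner is accepted.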