--On Thursday, January 24, 2002 11:24:53 -0800 Sysop <[EMAIL PROTECTED]> wrote:

> David Chin wrote:
>
>> In message <[EMAIL PROTECTED]>, Sam Varshavchik writes:
>>
>>> Papo Napolitano writes:
>>>
>>>> As I don't trust plaintext passwords in files (no matter the
>>>> permissions) I
>>>>
>>> If you don't trust POSIX permissions, well, it's time to give up on
>>> *NIX completely, and reformat and install NT.
>>>
>>
>> Um, then why are passwords in /etc/shadow encrypted?
>>
>> --Dave
>>
> because if I'm not mistaken, everybody has to be able to read
> /etc/shadow, or there is some reason why those files need to be readable.
> And it's *more* security.

Um, you're sorta mistaken.  /etc/passwd has to be readable by everyone for
those archaic programs which do not know how to use getpwent(3).
/etc/shadow (on SysV/Linux) or /etc/master.passwd (on *BSD) should *not* be
world readable to prevent dictionary attacks against the crypted passwords
contained therein.

> But for webadmin password, POSIX permissions should be enough.

Yeah, cause if you're rooted, you've got much bigger problems than your
webadmin password being plain text.

-- 
Yarema
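
An added example, not part of the original thread: a permission audit for the files discussed above (/etc/shadow, /etc/master.passwd, or a plaintext webadmin password file whose path you supply). The function names and the `allow_group_read` option are assumptions of this example.

```python
import os
import stat
import sys

def audit_secret_file(path, allow_group_read=False):
    """Return permission findings for a file holding password material.

    allow_group_read covers systems that ship the shadow file as 0640 with
    a dedicated group (an assumption to confirm per platform).
    """
    st = os.lstat(path)  # lstat: do not follow a symlink silently
    if stat.S_ISLNK(st.st_mode):
        return ["symlink: audit the target it points to"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IRGRP and not allow_group_read:
        findings.append("group-readable")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings

def audit(paths, allow_group_read=False):
    """Map each existing path to its findings; missing paths are skipped."""
    report = {}
    for path in paths:
        try:
            report[path] = audit_secret_file(path, allow_group_read)
        except FileNotFoundError:
            continue
    return report

if __name__ == "__main__":
    # Defaults are the two files named in the thread; pass a webadmin
    # password file path as an argument to include it.
    targets = sys.argv[1:] or ["/etc/shadow", "/etc/master.passwd"]
    for path, findings in audit(targets, allow_group_read=True).items():
        print(f"{path}: {', '.join(findings) or 'ok'}")
```

/etc/passwd is deliberately left out of the defaults, since it is expected to be world-readable.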
