The key must not be stored, as it can be reproduced from /proc. Therefor you need already to be there. On your local machine, you will get another md5sum.
Am Mittwoch 13 Dezember 2006 15:11 schrieb Christian Kuelker: > (3) It must be documented, for the developers. Yes, but the md5sum will be different on any machine. > > So you will not gain a bit of security. We will increase security when we 1. disable any modes of login for root (the root password will lose its value then!) 2. refrain from storing _plain_ passwords. The 2nd case together with a sligh policy for the Skolelinux backupserver has given pupils access to the root password. Imagine this scenario: Mister X is an administrating teacher, just our target group, as his Linux skills are rather mediocre. During summer holidays he dares install a combined Tjener/LTSP. By means of some Webmin based interface, he imports users from csv files that are stored in his local home directory /skole/tjener/home0. He is wise enough to delete those files and even his account before school starts. Now, every pupil gets their password. Cool Joe does a search for his password (say "ToPSeCr3t") and - wow! - discovers a file import.csv (or some mozilla cache log) in /skole/tjener/backup/skole/tjener/home0/misterx which is world readable. Of course, you could blame Mister X being ignorant towards rights of mounted discs and so on - but I know that this mistake is made by most amateur admins (just start searching now!) Yes, I know, my suggestions are rather tentative - but hopefully inspiring to some of you ;) Regards Ralf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
