On Thu, Jun 22, 2000 at 04:10:20PM -0400, Paul Lussier <[EMAIL PROTECTED]> wrote:
> Bob Bell said:
> >> Does it ask you for the old NIS passwd if you:
> >
> > Yes, in fact it still does.
>
> Well that's good to know. At least someone does it right :) Though, does
> running passwd as root also ask for the user's old passwd? Neither Solaris
> nor Linux do this, and if the root passwd compromised is also managed via NIS,
> then someone just got root access to the NIS server. I think you can see
> where this would lead :)
Each machine has its own root password (AFAIK, they are at least
local, not NIS-mapped).
> Well, I'd be curious to know if the data were at least encrypted, or if it
> would be susceptible to network sniffing. I've never really sniffed a network
> and looked for yppasswd RPC transfers before.
I think the data is sent crypt'ed before it's sent. And a version
of the old password appears to be sent along with it. Wait... oh, the
new password is crypt'ed, but the old one is sent plain text. I
suppose that is necessary for the NIS server to verify authenticity.
I suppose this is part of the NIS standard. At least the new password
is crypted.
That leaves open the possibility of someone sniffing the old
password. If they are somehow able to sniff the old password and
prevent the yppasswd request from completing, they might be able to
jump in and hijack your account. It's likely that you would realize
right away, and this is a very small window of opportunity and seems
hard to do. Still, I suppose it is possible, although this might fall
into the realm of tough enough that there needs to be real malicious
intent.
--
Bob Bell Compaq Computer Corporation
Software Engineer 110 Spit Brook Rd - ZKO3-3/U14
TruCluster Group Nashua, NH 03062-2698
[EMAIL PROTECTED] 603-884-0595
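As an added illustration of the point made above (this is example code, not anything from the thread or from any NIS implementation): the argument to the yppasswd UPDATE call is an XDR struct whose first field is the old password as a plain string, followed by the new passwd entry whose `pw_passwd` field carries the crypt(3) hash. The layout assumed here is the `struct yppasswd` from Sun's yppasswd.x (program 100009, version 1, procedure 1); the account values and the hash string are constructed for the demonstration. Encoding a request and then checking which secrets appear verbatim in the wire bytes shows exactly what a passive observer on the segment would see.

```python
import struct

# Field order of the yppasswd UPDATE argument (struct yppasswd in yppasswd.x,
# assumed layout):
#   string oldpass<>;
#   x_passwd newpw { pw_name, pw_passwd, pw_uid, pw_gid, pw_gecos, pw_dir, pw_shell }
YPPASSWDPROG = 100009
YPPASSWDVERS = 1
YPPASSWDPROC_UPDATE = 1


def xdr_string(s: str) -> bytes:
    """XDR variable-length string: 4-byte big-endian length, bytes, zero pad to 4."""
    data = s.encode()
    pad = (-len(data)) % 4
    return struct.pack(">I", len(data)) + data + b"\x00" * pad


def xdr_int(n: int) -> bytes:
    """XDR 32-bit signed integer, big-endian."""
    return struct.pack(">i", n)


def encode_yppasswd_update(oldpass: str, name: str, new_hash: str, uid: int,
                           gid: int, gecos: str, home: str, shell: str) -> bytes:
    """Serialise the UPDATE argument exactly as it would travel in the RPC body."""
    return (xdr_string(oldpass)
            + xdr_string(name)
            + xdr_string(new_hash)   # crypt(3) hash, not the cleartext new password
            + xdr_int(uid)
            + xdr_int(gid)
            + xdr_string(gecos)
            + xdr_string(home)
            + xdr_string(shell))


def exposed_verbatim(wire: bytes, secrets: dict) -> list:
    """Names of the secrets whose cleartext bytes occur verbatim in the wire image."""
    return [label for label, value in secrets.items() if value.encode() in wire]


if __name__ == "__main__":
    # Constructed sample account; the hash is a placeholder DES-crypt string.
    wire = encode_yppasswd_update("OldPass1", "bob", "abJnggxhB/yWI",
                                  1001, 100, "Bob Bell", "/home/bob", "/bin/sh")
    report = exposed_verbatim(wire, {"old password": "OldPass1",
                                     "new password": "NewPass2"})
    print("program", YPPASSWDPROG, "proc", YPPASSWDPROC_UPDATE)
    print("secrets visible in cleartext on the wire:", report)
```

The report lists only the old password: the new one never leaves the client in the clear, which is the asymmetry described above. The practical consequence for an administrator is that yppasswd traffic (RPC program 100009) should be confined to a segment where sniffing is not a concern, or password changes should be moved to a channel that protects the old credential as well.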