The only reason to lock down the password file in this way is to prevent
users accessing the password to make crack runs on it. If you severely
restrict who can log in to the AFS servers (our site only allows root!), then
using secure password files serves no real purpose. (If it requires root
level privilege to access the system, then there isn't much purpose in
hiding things from "everyone except root", since root can still read those
files and no other accounts exist!)

On Wed, 11 Sep 1996 10:40:23 -0500 Jim Barlow wrote:
>
> We have recently set up a couple of new HP D250 machines, running HPUX 10.01,
> as AFS file servers. I noticed that root's passwd was stored in the
> /etc/passwd file, so I started looking at the security options in sam.
> I made the machine a trusted system, which will store the passwords in
> a database. I was thinking that it would be similar to Solaris storing
> the passwords in the /etc/shadow file. Once I had done this I could not
> log into the console as root. I had to reboot into single user mode and
> go back to using the HPUX version of login. Evidently the Transarc modified
> version of login does not look in the database, which was located in the
> /tcb/files/auth directory (no /etc/shadow file). Has anybody else run into
> this problem? And if so, how can we use Transarc's login, getting a token
> when we log in, and still be able to log in as root?
>
> --
> James J. Barlow
> System Engineer, Advanced Computing Group
> National Center for Supercomputing Applications
> 605 East Springfield Avenue
> Champaign, IL 61820 Voice : (217)244-6403
> [EMAIL PROTECTED] Cell : (217)369-8349
> Fax : (217)244-1987
> http://www.ncsa.uiuc.edu/People/jbarlow
>