begin  quoting Tracy R Reed as of Tue, Jun 05, 2007 at 12:09:43AM -0700:
> Brian LaMere wrote:
[snip]
> > being whimsical with root, IMO.  Grub has a password.  Root has a
> > password.  I simply would like a CLI tool for storing said passwords.
> 
> You password protect your grub? When I run into a password protected
> grub I just boot it from floppy or USB key or PXE boot over the network
> or if the BIOS itself is passworded I just pull the whole drive out.
> Physical access means all bets are off.

There are ways to mitigate that. This is where the whole "trusted
computing base" comes into play, after all. We aren't likely to see this
on consumer-grade computers unless Palladium or whatever it's called
this week actually gets established (and computers stop being ours and
start being theirs).

> > That tool, and the database that it is on, WILL be physically secure.
> > Physically secure to the extent that you don't just have to steal my
> > key to get in, you also have to steal my *finger*, as it uses a
> > combination biometrics and reg key.  Also, that just gets you into the
> 
> Using ssh keys for authentication is *safer* than just using a root
> password such as you are doing now. Because it is a two-factor
> authentication. You have to possess the key *and* know the password to

Normally you don't set up ssh-key authentication to use passwords, at
least that I've seen.

Does key + password really give you two factor authentication? The key
is only sorta "something you have" -- it's mostly "something your
computer knows", isn't it?

Now, if we could use a smart card for encryption and authentication....

> decrypt it. Someone simply stealing your key doesn't gain them anything
> if they can't get your password. And if they can get your password they
> can defeat your current system of using only passwords as well.

Generally, if they're able to steal your key, they have already
compromised your account, in which case they can steal your passwords
and passphrases and you're still toast.

Still, key + password isn't any worse than password-only systems, which
I think was your point.

[snip]
> > key-based auth for root?  Not happening, even if it wasn't disallowed
> > by the DoD.
> 
> That's a shame because it actually provides better security, as I noted
> above.

I thought it was key-based authentication to a user, and then sudo to
become root. . .

[snip]
> Hopefully you will GPL it so that others who have a similar need can

Or BSD (4-clause!) it. :)

> find the solution that you sought as well. Next time someone asks this
> question we will say "Ah, You need Brian Lamere's excellent password
> management tool!" :)

...given that you have hundreds of hosts to manage...

[snip]
> You are right. The philosophical debate should have happened before the
> systems were even installed in the ER.

Heh.

>                                        Why does root exist? Historical
> baggage from a day when Unix machines were not connected to networks and
> everyone trusted each other.  And it was never really a good idea even
> then.

Up to the "everyone trusted each other" you were doing fine. :)

UNIX can be seen as a derivation of MULTICS with a lot of the useless
baggage thrown away; why does root exist? Because there are things that
require privileged access, but a full-blown multilevel access control
system is overkill for a departmental computer.

UNIX wasn't as paranoid as MULTICS, but it (UNIX) still has ACLs, from
the very beginning, if I understand correctly.

Plus, I've yet to see a system that could be usable without some sort of
superuser mode available.

>       Now we need accountability and root doesn't provide that except as
>  provided by your time consuming "Hey, who opened this envelope?!" system.

That's because we no longer have teletype console terminals. :)

-- 
I used to work on a system that had a dedicated printer for system logging.
Stewart Stremler


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
