周彬 | 2 Jul 12:34 2008

unregister

 
 
 
 

On 2008-04-23, "Håkon Løvdal" <hlovdal <at> gmail.com> wrote: >On 23/04/2008, Ben Gladwell

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Bernard Fay | 8 Jul 17:07 2008

password in passwd not in shadow for one user

Hi,

I have one user with his password in the passwd file and no entry in the shadow file.  All other users use shadow for their password.

Does someone know how it could have happened?

This is on a SLES-10 with SP1.

thanks,
Bernard

Thorsten Kukuk | 8 Jul 17:09 2008

Re: password in passwd not in shadow for one user

On Tue, Jul 08, Bernard Fay wrote:

> Hi,
> 
> I have one user with his password in the passwd file and no entry in the
> shadow file.  All other users use shadow for their password.
> 
> Does someone know how it could have happened?

Depends on what this user is. There are a lot of possibilities
how this can happen.

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
Bernard Fay | 8 Jul 17:28 2008

Re: password in passwd not in shadow for one user

A regular user, actually my own account for daily use, created simply with adduser.
I expected to see it in /etc/shadow like all other regular users.

Bernard

On Tue, Jul 8, 2008 at 11:09 AM, Thorsten Kukuk <kukuk <at> suse.de> wrote:
> On Tue, Jul 08, Bernard Fay wrote:
>
> > Hi,
> >
> > I have one user with his password in the passwd file and no entry in the
> > shadow file.  All other users use shadow for their password.
> >
> > Does someone know how it could have happened?
>
> Depends on what this user is. There are a lot of possibilities
> how this can happen.
>
>  Thorsten
>
> --
> Thorsten Kukuk, Project Manager/Release Manager SLES
> SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> GF: Markus Rex, HRB 16746 (AG Nuernberg)

Thorsten Kukuk | 8 Jul 17:59 2008

Re: password in passwd not in shadow for one user

On Tue, Jul 08, Bernard Fay wrote:

> A regular user, actually my own account for daily use, created simply with
> adduser.

SLES10 SP2 does not have an adduser command...

> I expected to see it in /etc/shadow like all other regular users.

Yes, it should be there. And there are no known bug reports that this
is not the case with the standard tools, so either you found an until
now unknown bug, or you used some tool which does not know about shadow
passwords.

  Thorsten

> Bernard
> 
> On Tue, Jul 8, 2008 at 11:09 AM, Thorsten Kukuk <kukuk <at> suse.de> wrote:
> 
> > On Tue, Jul 08, Bernard Fay wrote:
> >
> > > Hi,
> > >
> > > I have one user with his password in the passwd file and no entry in the
> > > shadow file.  All other users use shadow for their password.
> > >
> > > Does someone know how it could have happened?
> >
> > Depends on what this user is. There are a lot of possibilities
> > how this can happen.
> >
> >  Thorsten
> >
> > --
> > Thorsten Kukuk, Project Manager/Release Manager SLES
> > SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> > GF: Markus Rex, HRB 16746 (AG Nuernberg)

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
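
A check for the condition discussed in this thread, as an added example that is not part of any poster's message: it compares passwd and shadow contents and reports accounts whose hash sits in passwd or whose `x` placeholder has no shadow entry. The sample data, account names and function names are constructed for illustration.

```python
# Added example: constructed sample data, not taken from the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
carol:$2a$05$constructed.sample.hash:1001:100:Carol:/home/carol:/bin/bash
dave:x:1002:100:Dave:/home/dave:/bin/bash
nobody:*:65534:65533:nobody:/var/lib/nobody:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$2a$05$constructed.sample.hash:14000:0:99999:7:::
alice:$2a$05$constructed.sample.hash:14000:0:99999:7:::
"""

LOCKED = ("*", "!")  # conventional "no valid password" markers


def parse_db(text):
    """Return {login: fields} for a colon-separated account database."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", "+", "-")):
            continue  # skip blanks, comments and NIS compat entries
        fields = line.split(":")
        entries[fields[0]] = fields
    return entries


def audit(passwd_text, shadow_text):
    """List (login, issue) pairs where passwd and shadow disagree."""
    passwd, shadow = parse_db(passwd_text), parse_db(shadow_text)
    findings = []
    for login, fields in passwd.items():
        pw = fields[1] if len(fields) > 1 else ""
        if pw == "x":
            if login not in shadow:
                findings.append((login, "placeholder but no shadow entry"))
        elif pw == "":
            findings.append((login, "empty password field in passwd"))
        elif not pw.startswith(LOCKED):
            where = "also in shadow" if login in shadow else "no shadow entry"
            findings.append((login, "hash stored in passwd, " + where))
    return findings


if __name__ == "__main__":
    for login, issue in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{login}: {issue}")
```

On a live system the two arguments would be the contents of `/etc/passwd` and `/etc/shadow`, read as root.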
Bobby Cox | 9 Jul 16:23 2008

Pam LDAP - Is It Possible To Encrypt Bindpw?

Hello All,

If this is not the correct list please excuse me, and would you please direct me to the appropriate place.  If
this is the right place, here is my question:

Is it possible to encrypt bindpw in ldap.conf?   We currently do not allow anonymous bind and would rather not
leave the bindpw in clear text if at all possible.

Thanks,
Bobby Cox
Thorsten Kukuk | 9 Jul 16:28 2008

Re: Pam LDAP - Is It Possible To Encrypt Bindpw?

On Wed, Jul 09, Bobby Cox wrote:

> Hello All,
> 
> If this is not the correct list please excuse me, and would you please direct me to the appropriate place.  If
> this is the right place, here is my question:
> 
> Is it possible to encrypt bindpw in ldap.conf?   We currently do not allow anonymous bind and would rather
> not leave the bindpw in clear text if at all possible.

If you encrypt it in ldap.conf, you need to store the key somewhere.
This only makes it more complicated for an attacker, but will not
solve your problem.

  Thorsten
-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
Bobby Cox | 9 Jul 16:37 2008

RE: Pam LDAP - Is It Possible To Encrypt Bindpw?

Thorsten,

Thank you for your reply. Would you happen to know the syntax necessary to accomplish this or a link to a doc?  
In our case a small deterrent is better than none.

Regards,
Bobby Cox
________________________________________
From: pam-list-bounces <at> redhat.com [pam-list-bounces <at> redhat.com] On Behalf Of Thorsten Kukuk [kukuk <at> suse.de]
Sent: Wednesday, July 09, 2008 9:28 AM
To: pam-list <at> redhat.com
Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?

On Wed, Jul 09, Bobby Cox wrote:

> Hello All,
>
> If this is not the correct list please excuse me, and would you please direct me to the appropriate place.  If
> this is the right place, here is my question:
>
> Is it possible to encrypt bindpw in ldap.conf?   We currently do not allow anonymous bind and would rather
> not leave the bindpw in clear text if at all possible.

If you encrypt it in ldap.conf, you need to store the key somewhere.
This only makes it more complicated for an attacker, but will not
solve your problem.

  Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)

Thorsten Kukuk | 9 Jul 16:44 2008

Re: Pam LDAP - Is It Possible To Encrypt Bindpw?

On Wed, Jul 09, Bobby Cox wrote:

> Thorsten,
> 
> Thank you for your reply. Would you happen to know the syntax necessary to accomplish this or a link to a doc?
> In our case a small deterrent is better than none.

I don't know if it is possible, I only said that it does not make
much sense to do so. Better to restrict the access to the file as
far as possible, with attributes, AppArmor and/or SELinux.

  Thorsten

> 
> Regards,
> Bobby Cox
> ________________________________________
> From: pam-list-bounces <at> redhat.com [pam-list-bounces <at> redhat.com] On Behalf Of Thorsten Kukuk [kukuk <at> suse.de]
> Sent: Wednesday, July 09, 2008 9:28 AM
> To: pam-list <at> redhat.com
> Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?
> 
> On Wed, Jul 09, Bobby Cox wrote:
> 
> > Hello All,
> >
> > If this is not the correct list please excuse me, and would you please direct me to the appropriate place.
> > If this is the right place, here is my question:
> >
> > Is it possible to encrypt bindpw in ldap.conf?   We currently do not allow anonymous bind and would rather
> > not leave the bindpw in clear text if at all possible.
> 
> If you encrypt it in ldap.conf, you need to store the key somewhere.
> This only makes it more complicated for an attacker, but will not
> solve your problem.
> 
>   Thorsten
> --
> Thorsten Kukuk, Project Manager/Release Manager SLES
> SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> GF: Markus Rex, HRB 16746 (AG Nuernberg)

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
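
One way to verify the file restriction suggested above (added example, not from the thread or from pam_ldap): it flags a config file that sets `bindpw` while being accessible to group or others, or owned by an unexpected uid. The function names and the `expected_uid` parameter are assumptions of this example, and the demo file contents are constructed.

```python
import os
import stat


def has_bindpw(path):
    """True if the file sets a bindpw directive (commented lines ignored)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            words = line.split(None, 1)  # "keyword value"
            if len(words) == 2 and words[0].lower() == "bindpw":
                return True
    return False


def audit_secret_file(path, expected_uid=0):
    """Return a list of problems for a config file that holds bindpw."""
    if not has_bindpw(path):
        return []  # nothing secret in this file, nothing to report
    st = os.lstat(path)  # lstat: do not trust a symlink's target
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & stat.S_IRWXG:
        problems.append("group has access")
    if st.st_mode & stat.S_IRWXO:
        problems.append("others have access")
    return problems


if __name__ == "__main__":
    import tempfile

    # Constructed stand-in for ldap.conf so the demo runs without root.
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as tmp:
        tmp.write("base dc=example,dc=com\nbindpw constructed-secret\n")
    for mode in (0o644, 0o600):
        os.chmod(tmp.name, mode)
        print(oct(mode), audit_secret_file(tmp.name, expected_uid=os.getuid()))
    os.unlink(tmp.name)
```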
Bobby Cox | 9 Jul 16:51 2008

RE: Pam LDAP - Is It Possible To Encrypt Bindpw?

Thorsten,

I see, thank you for the clarification.  I'll research your suggestions, although AppArmor won't be one,
we're not using SUSE. :)

Regards,
Bobby Cox

________________________________________
From: pam-list-bounces <at> redhat.com [pam-list-bounces <at> redhat.com] On Behalf Of Thorsten Kukuk [kukuk <at> suse.de]
Sent: Wednesday, July 09, 2008 9:44 AM
To: Pluggable Authentication Modules
Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?

On Wed, Jul 09, Bobby Cox wrote:

> Thorsten,
>
> Thank you for your reply. Would you happen to know the syntax necessary to accomplish this or a link to a doc?
> In our case a small deterrent is better than none.

I don't know if it is possible, I only said that it does not make
much sense to do so. Better to restrict the access to the file as
far as possible, with attributes, AppArmor and/or SELinux.

  Thorsten

>
> Regards,
> Bobby Cox
> ________________________________________
> From: pam-list-bounces <at> redhat.com [pam-list-bounces <at> redhat.com] On Behalf Of Thorsten Kukuk [kukuk <at> suse.de]
> Sent: Wednesday, July 09, 2008 9:28 AM
> To: pam-list <at> redhat.com
> Subject: Re: Pam LDAP - Is It Possible To Encrypt Bindpw?
>
> On Wed, Jul 09, Bobby Cox wrote:
>
> > Hello All,
> >
> > If this is not the correct list please excuse me, and would you please direct me to the appropriate place.
> > If this is the right place, here is my question:
> >
> > Is it possible to encrypt bindpw in ldap.conf?   We currently do not allow anonymous bind and would rather
> > not leave the bindpw in clear text if at all possible.
>
> If you encrypt it in ldap.conf, you need to store the key somewhere.
> This only makes it more complicated for an attacker, but will not
> solve your problem.
>
>   Thorsten
> --
> Thorsten Kukuk, Project Manager/Release Manager SLES
> SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> GF: Markus Rex, HRB 16746 (AG Nuernberg)

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
