[John Adams: Re: Why are we using priveleged images / state so

Peiter Zatko (peiterz@BBN.COM)
Mon, 10 Jul 1995 16:50:36 EDT

>But then remote administration goes all to hell. Secure external
>access methods (Skey, SecureID, et al.) could be used to admin the
>machines remotely, but the initial setup would cost a considerable
>amount of time.

On a slightly different topic. But since S/Key was mentioned...

Almost all of the S/Key packages I've seen have a problem (actually
there are a couple of problems with s/key, but the pros still outweigh
the cons).

The installation sets the /etc/skeykeys file to a world-readable mode
( 644 ). This seems to be the case in both Bellcore's and Wietse's packages.

Needless to say that on a system using shadowed passwords and having most
of their users using s/key... This defeats the benefits of having
a shadowed password system in the first place.

The only thing I see changing this file to a more rational mode (i.e. 600)
would break is the keyinfo program. Not much of a loss in my eyes.

PeiterZ
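
An added example, not part of the original post or of any S/Key package: a shell check that flags an S/Key database readable by group or others and applies the mode 600 change the post proposes. The function names and the `--audit`/`--fix` arguments are made up for this sketch; the default path is the one named in the post.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of an S/Key database file.
# Default path is the one from the post; pass another path to try it safely.

# Print the octal permission bits of $1 (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 if only the owner has access, 1 if any group/other bit is set,
# 2 if the file is missing or its mode cannot be read.
skey_audit() {
    f=${1:-/etc/skeykeys}
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    mode=$(file_mode "$f") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks the
    # group and other permission bits (644 & 077 = 044, 600 & 077 = 0).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED $f mode=$mode (readable beyond owner)"
        return 1
    fi
    echo "OK $f mode=$mode"
    return 0
}

# Apply the mode suggested in the post, then re-audit to confirm.
# Per the post, keyinfo is the one program expected to stop working.
skey_fix() {
    f=${1:-/etc/skeykeys}
    chmod 600 "$f" && skey_audit "$f"
}

# Hypothetical command-line entry points for this sketch.
if [ "${1:-}" = "--audit" ]; then
    skey_audit "${2:-/etc/skeykeys}"
    exit $?
elif [ "${1:-}" = "--fix" ]; then
    skey_fix "${2:-/etc/skeykeys}"
    exit $?
fi
```

Run with `--audit` from a cron job or install script to catch a package upgrade that resets the file to 644.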