home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: alt.hackers
- Path: sparky!uunet!super!adamfox
- From: adamfox@homer.super.org (Adam Fox)
- Subject: Re: masked entries in password file
- Message-ID: <1993Jan27.233419.22032@super.org>
- Sender: adamfox@homer (Adam Fox)
- Nntp-Posting-Host: homer
- Organization: Supercomputing Research Center, Bowie, MD USA
- References: <C1CDrC.3C4@watserv1.uwaterloo.ca>
- Distribution: na
- Date: Wed, 27 Jan 1993 23:34:19 GMT
- Approved: Of course it is, you foolish mortal
- Lines: 24
-
- In article <C1CDrC.3C4@watserv1.uwaterloo.ca>, Biff writes:
- |> Hello,
- |> A simple question that I'm sure someone out there can answer...
- |> Some systems have only a '*' in the encrypted password field, I think this
- |> is because they have an echoed password system or something like that.....
- |> I think there's a port you have to connect to locally to query for the
- |> encrypted password or something like that to get a higher security rating
- |> for the entire system..... Could some one please explain this to the net
- |> (interest only). I am quite curious as to how this works and I can't be
- |> bothered to muck around with the ports an shit if someone already knows
- |> how it works and what the general protocol is....
- |> Cheers......
-
- They probably have either a shadow password file somewhere that only root
- can see (some root-owned process checks the authentication) or they are running
- kerberos which authenticates in its own way through a server and secure protocol.
- I'm mostly familiar with Suns/BSD-type machines so your version of UNIX may
- vary. On Suns, those are the 2 main alternatives to using a world readable
- password file with encrypted strings. Perhaps you can hack a kerberos server,
- but without knowing how kerberos really works, you will probably have trouble
- doing it, I understand is is not trivial (unless you know the holes, of course).
-
- -- Adam Fox
- adamfox@super.org
-
