
Re: [cobalt-users] using the same passwords for everything



I should have been clearer since the problem isn't really the password
mechanism, but what is supported by different programs on my RaQ
XTR. I assume PAM of some sort, but other than knowing the encrypted
passwds in /etc/shadow are not encrypted by the same kind of mechanism that
htpasswd uses by default, I've no idea. If I could make Apache use
that mechanism and just copy the entries from /etc/shadow for the
appropriate people it would suffice. I'm not even sure of the
appropriateness of the mechanism. I just want all my password
protected resources to use the same password for the same user. This
is a security issue because they are relatively unskilled users who
will use the same password for everything regardless. I'd rather have
one or two relatively secure files than have everything scattered all
over, and of course if they had to use two passwords they would need to
write them down on a sticky note and put it on their computers (which
they will probably do anyhow).

The web interface for when a site administrator sets up a new user,
and after that the user's interface, allows users to change
passwords. This is good. (i.e. no one will bother me unless they
forget their password and any site administrator can reset it.)
Openwebmail and Webmin, judging from preliminary experiments trying to
install webmin, squid, and squidguard from source on a RaQ XTR, can
all access and use that password.

Squid and Apache use a different mechanism. Because of the nature of
the RaQ everything is basically a web resource. Most of the
suggestions really only make sense for networks of machines - which we
have but the RaQ isn't attached to them, it stands alone. [It is
attached to a network but nobody using that network logs onto anything.]

So is there a password management program so I can get it so that the
password created by the web interface for users on the RaQ is their
password for the other applications mentioned? The mechanisms that
WebMail uses are sufficient.

On Wed, Jan 15, 2003 at 09:37:36PM -0500, Steve Werby wrote:
> "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx> wrote:
> > Have a centralized password store.  Keywords for which to search:
> >
> > GSSAPI, Kerberos, KRB5, LDAP, libnss, NIS, PAM, SASL, YP
> >
> > Exactly what you use depends on what you need.
> 
> Eddy, thanks for the extensive list.  Frankly, I only have experience with
> LDAP, PAM and Kerberos, but Eddy's right on the money and I hope it didn't
> appear I was suggesting LDAP was the only mechanism available.

-- 
Josh Kuperman                       
josh@xxxxxxxxxxxxxxxxxx