On Fri, Dec 19, 2003 at 04:02:40PM +0000, Bob Vickers wrote:
But I was very surprised that rpasswdd works without you needing to create an entry in /etc/hosts.allow. So although rpasswd fixes one security hole by preventing plaintext passwords going across the network it potentially opens up another. With our old setup even if someone managed to discover the root password it was useless to them unless they also knew an administrator's regular password because neither ssh nor su let them gain root privilege except from a very small number of accounts. But now they can run rpasswd from any machine on the campus and rpasswdd will happily let them change any user's password.
I think letting users discover the root password of your server machine is really really bad. If that happens, you're almost toast anyway. rpasswdd is far from the only service granting folks knowing the root password special privileges. LDAP comes to mind. I agree though that the ability to turn admin mode off or limit it to a set of trusted IPs could be helpful. Would you care to submit a patch? Olaf -- Olaf Kirch | Stop wasting entropy - start using predictable okir@suse.de | tempfile names today! ---------------+