Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: AW: [suse-security] SuSE security reputation, etc..
  • From: rhoerbe@xxxxxxxxxxxxxxxx
  • Date: Mon, 7 Aug 2000 15:01:36 +0200
  • Message-id: <OFD2223423.B41319AA-ONC1256934.00440106@xxxxxxxxxxxxx>
>> The issue is, that the default setup uses /etc/shadow for ssh, ftp,
samba
>> & al. It is an extra effort to setup and maintain passwords in
different
>> files. Apache has a different file by default.
>>
>> Let this compare to Lotus Notes. When you define a user there, the
system
>> prompts you for two different passwords. One to be used for the ID-file

>> that contains the private key (and is never transmitted anywhere from
the
>> local system) and another one, that is used for HTTP basic
authentication.
>> This is easy to understand for novice admins and little extra effort.
>>
>> So, my on my whishlist to Easter Bunny:
>> 1. Suse will add an installation/config option to make a separate pw-db

>> for samba and proftpd (and maybe others)
>> 2. Suse will add a list of passwords for different packages into yast
user
>> management.
>
>Hmmm. I agree that these two points are desirable to implement, but it is
>also too complex to do. One of the side effects will be that people
>complain that authentication doesn't work (because the wrong file is
>active) and people comlain that SuSE doesn't keep to the standards.

If separated password files are a (recommended) option, accompanied with
some comment about the impact, but not the default, then there should
nothing be left to complain about. And a single /etc/shadow file is
default, not a standard anyway.
I disagree with your assessment, that people will complain about
authentication that does not work. Under the assumption, that we have to
sacrify some convenience to achieve some security (we could go with MS
otherwise), separated password files fix (or at least isolate) the problem
that ftp & al cause with clear text passwords.
But, if you have to run passwd & sbmpasswd & httppasswd & xyzpasswd, even
hard core command line junkies might find it annoying. Integrating
different passwords into yast's user management would solve exactly this
problem.

>
>We can't afford these two points in the long run. Also, modifying the
>daemons/packages takes time and manpower...
The package to make the installation for separated password files seems
reasonable for me, but yast does not offer any plug-ins or interfaces for
the user management.

Complexity is also a question of architecture. I would recommend Suse to
take a close look at IBM's Smit (the full-screen interface for AIX to
administrate almost _everything_). I think that Smit has a nice
architecture.
- The text-interface differs from the graphical only in the presentation,
the underlying code is obviously the same. Suse maintains two sets of code
with yast1 and yast2. Which is a waste on the long term.
- All actions are mapped to shell commands (although some are proprietary
or complex) and can be viewed before and after execution. This makes the
tool more a kind of editor ..

Yast is a key component of the Suse distribution, and I think that Suse,
to gain market share, should aim for convenience and well structured
functionality in installation and use. I know, it is a long way to go ..
>
>It's nice project, though. Would you want to hack and maintain a set
>of patches that resolve these problems in a few packages?
Hmm. For an initial setup, I will look into this. But for yast, I think it
is Suse's business.

Rainer

< Previous Next >