Mailinglist Archive: opensuse-security (601 mails)

Re: AW: [suse-security] SuSE security reputation, etc..
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Mon, 7 Aug 2000 13:32:18 +0200 (MEST)
  • Message-id: <Pine.LNX.4.21.0008071212050.2133-100000@xxxxxxxxxxxx>

> The issue is, that the default setup uses /etc/shadow for ssh, ftp, samba
> & al. It is an extra effort to set up and maintain passwords in different
> files. Apache has a different file by default.
> Let this compare to Lotus Notes. When you define a user there, the system
> prompts you for two different passwords. One to be used for the ID-file
> that contains the private key (and is never transmitted anywhere from the
> local system) and another one, that is used for HTTP basic authentication.
> This is easy to understand for novice admins and little extra effort.
> So, on my wishlist to Easter Bunny:
> 1. Suse will add an installation/config option to make a separate pw-db
> for samba and proftpd (and maybe others)
> 2. Suse will add a list of passwords for different packages into yast user
> management.
> Rainer

Hmmm. I agree that these two points are desirable to implement, but it is
also too complex to do. One of the side effects will be that people
complain that authentication doesn't work (because the wrong file is
active) and people complain that SuSE doesn't keep to the standards.

We can't afford these two points in the long run. Also, modifying the
daemons/packages takes time and manpower...

It's a nice project, though. Would you want to hack and maintain a set
of patches that resolve these problems in a few packages?

- -
| Roman Drahtmüller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
