Alle 21:32, venerdì 12 luglio 2002, Marc Jacobs ha scritto:
On Friday 12 July 2002 12:44, Fergus Wilde wrote:
_that_ password. One thing you can do is make sure the shutdown commands aren't available to users and you can set hard or paranoid permissions (think you still can ...). But mostly, keep bad people away from the console. HTH
Well, the answer that I sent from work (but didn't make it to the list probably because of our mail servers working so good) says about the same, but it kept me thinking....
By exploring the linux source code, can one find the algorithm to decode passwords in /etc/shadow or is it a one-way-algorithm?
1) it's one-way 2) The malicious user must have the /etc/shadow file, which is accessible only by root. If he is root, you have something else to worry about.
Is there a way of authenticating users via the network and not via the local machine?
man sshd
And in that case, is it possible to authenticate root via the network (guess not since the startup process is done with the root permissions)?
Yes, but it is not secure.