RE: Password auth / shadow passwd file...

From: Dave J Woolley <DJW@dont-contact.us>
Date: Tue, 25 May 1999 19:27:50 +0100

> information to root only. If you have a shadow passwd system, then you
> either have to run the authenticator as root (preferably using
> getspnam() or PAM to read the shadow file), or you have to export the
>
        in which case you also need to introduce deliberate
        processing delays, which may well break Squid, to
        prevent it being used as a fast way of trying out
        passwords (real time delays are not enough,
        as the attacker could start multiple threads).

> shadowed password information to a file readable by Squid.
>
        In which case you have completely defeated the purpose
        of the shadow passwords.
Received on Tue May 25 1999 - 12:24:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:25 MST