Re: Question concerning PAM modules and root ...

they will get... yes, they will get root access to that machine.

you therefore expect your SMB server (i say SMB server, which includes an
NT server, not NT server, because pam_smb can verify against any SMB server)
not to have been compromised.

you also expect ordinary users not to have write access to the
pam-smb.conf file, such that they cannot modify it to point to a random
SMB server over which they have control.

the NT system of resolving the DOMAIN name into a PDC or BDC is insecure:
a broadcast lookup is done.  if you get in there quick with your own ip
address, you can pretend to be a PDC or BDC, and answer pam_smb or
pam_ntdom login requests.

pam_ntdom and pam_smb do not _do_ this DOMAIN->PDC/BDC broadcast query: 
you must manually name the PDC and BDC (as well as the DOMAIN) in the
pam-smb.conf file.

luke (samba team)

On Thu, 28 May 1998, The Hermit Hacker wrote:

> Hi...
> 	I was just looking at the pam_smb_auth module, and one thing
> bothers me...unless I'm reading the code wrong, *if* someone creates a
> user root, with a passwd, on the NT server, and logs into the machine with
> root/<passwd on NT server>, they can get root access to the server?
> 	Or am I missing something?
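
The reply above assumes ordinary users cannot write to pam-smb.conf. One way to check that assumption is sketched below, as an added example that is not part of the original thread or of pam_smb. The file path is passed in as an argument because the message does not give its directory, and `audit_conf` is a hypothetical helper name; it inspects only the file and its containing directory.

```python
import os
import stat
import sys


def audit_conf(path, trusted_uids=(0,)):
    """Return findings; an empty list means only trusted uids can alter the file."""
    path = os.path.abspath(path)
    parent = os.path.dirname(path)
    try:
        st = os.lstat(path)
        # Write access to the directory lets a user replace the file outright,
        # so the directory is audited with the same rules as the file.
        targets = [(parent, os.stat(parent))]
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]

    findings = []
    if stat.S_ISREG(st.st_mode):
        targets.insert(0, (path, st))
    else:
        # Symlinks and special files are reported rather than followed.
        findings.append(f"{path}: not a regular file")

    for name, info in targets:
        if info.st_uid not in trusted_uids:
            findings.append(f"{name}: owned by untrusted uid {info.st_uid}")
        if info.st_mode & stat.S_IWGRP:
            findings.append(f"{name}: group-writable")
        if info.st_mode & stat.S_IWOTH:
            findings.append(f"{name}: world-writable")
    return findings


if __name__ == "__main__":
    # Assumed usage: the administrator supplies the real location of the file.
    if len(sys.argv) != 2:
        sys.exit("usage: audit_conf.py /path/to/pam-smb.conf")
    problems = audit_conf(sys.argv[1])
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```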
