
Re: Open Xlock as root



On Fri, 3 Dec 1999 william.evans@computer.org wrote:

> However, making a modified pam_pwdb (or a skeleton module) to check
> root's password, so that it can be inserted into xlock's pam file like
> this:

> #%PAM-1.0
> auth       sufficient   /lib/security/pam_rootpassok
> auth       required     /lib/security/pam_pwdb shadow

> where pam_rootpassok is the module to check root's password.  In this
> situation, all the administrator would have to do would be to put this
> line in those services where (1) it makes sense to use it, and (2) the
> administrator really wants it.  In other words, don't use it somewhere
> unless required.

This all makes sense to me.

> One argument against doing this is valid: if somebody gets to the
> xlocked terminal and starts guessing passwords to get in, this module
> effectively gives them two possible solutions instead of just one,
> thereby increasing the odds that they find one.  Granted, the odds are
> still slim, and hopefully root's password is sufficiently obscure, but
> the odds are still increased.

That's true, but the odds are only increased by a factor of 2.  If they
have console access, they can do better than that just by switching
between virtual consoles and testing passwords on all of them
simultaneously.  Not to mention brute-forcing across the network (in which
case, the attacker can script the attack)...

> The question here is: should the module be made, allowing the
> administrator to slightly weaken their system?  I vote yes, and given
> enough time, I'll even work on the module.

Yes, certainly.  Compared to the alternatives, this method of 'weakening'
the system is far preferable, IMHO.  And even if not, that's a decision
that the administrator should be free to make.

If you're going to work on this module, would you consider basing it off
of pam_unix rather than pam_pwdb?

> (On that note: does it make any sense to have account/password/session
> components when all it's there for is authentication?)

I don't see any reason for it.

-Steve Langasek
postmodern programmer
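A small model of the Linux-PAM control-flag semantics behind the two-line stack quoted above, added here as an illustration and not code from the thread. The module names come from the quoted config; the per-attempt outcomes are constructed. It also goes one step beyond the thread: with the two lines swapped, root's password alone no longer unlocks the screen, because a "sufficient" success is ignored once a "required" module has already failed.

```python
# Added example: minimal model of PAM auth-stack control flags
# ("sufficient" / "required") as Linux-PAM evaluates them.
# Module names are from the quoted xlock config; outcomes are constructed.

SUCCESS, FAIL = "success", "fail"

def run_auth_stack(stack, outcomes):
    """Evaluate a PAM auth stack.

    stack:    list of (control_flag, module_name) in file order.
    outcomes: dict module_name -> SUCCESS or FAIL for this attempt.
    Returns SUCCESS or FAIL for the stack as a whole.
    """
    required_failed = False
    any_success = False
    for flag, module in stack:
        result = outcomes[module]
        if flag == "required":
            if result == SUCCESS:
                any_success = True
            else:
                # Remembered, but later modules still run, so the caller
                # cannot tell which module rejected the attempt.
                required_failed = True
        elif flag == "sufficient":
            if result == SUCCESS and not required_failed:
                return SUCCESS  # short-circuit: nothing below is consulted
            # a failing "sufficient" module is simply ignored
        else:
            raise ValueError(f"unsupported control flag: {flag}")
    return SUCCESS if any_success and not required_failed else FAIL

# The stack from the quoted message: root's password first as "sufficient",
# the user's own password as "required".
XLOCK_STACK = [("sufficient", "pam_rootpassok"), ("required", "pam_pwdb")]
# Same two modules with the lines swapped.
SWAPPED_STACK = [("required", "pam_pwdb"), ("sufficient", "pam_rootpassok")]

def unlock_attempts(stack):
    """Stack outcome for each thing the typed string might match."""
    cases = {
        "user password": {"pam_rootpassok": FAIL,    "pam_pwdb": SUCCESS},
        "root password": {"pam_rootpassok": SUCCESS, "pam_pwdb": FAIL},
        "neither":       {"pam_rootpassok": FAIL,    "pam_pwdb": FAIL},
    }
    return {name: run_auth_stack(stack, oc) for name, oc in cases.items()}

if __name__ == "__main__":
    for label, stack in (("as quoted", XLOCK_STACK), ("swapped", SWAPPED_STACK)):
        print(label, unlock_attempts(stack))
```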