[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] One weird HaQ... have you seen this..

Subject: Re: [cobalt-security] One weird HaQ... have you seen this..
From: Jeff Bilicki <jeff@xxxxxxxxxxx>
Date: Wed, 13 Feb 2002 13:08:17 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>> Suggestions:
>> - When importing with CMU use the -p option so all the password will be
>> changed, also change the default password in /etc/cmu/cobaltBase.xml
>> (userPasswd).

> Thanks for some great suggestions, Jeff.  I'm a bit confused over what
> the -p option does <frown>.  Does it change all passwords to the value
> of userPasswd?

Yes it does, when CMU adds the user to the system the password in 
userPasswd is used, since CMU does not know the plain text password.  
After all the users are added, CMU then changes the user entries 
in /etc/shadow to the crypt or md5 password stored in the cmu.xml 
file (this is where the secuirty problem was).  When cmuImport is 
run with the -p option it will not replace the userPasswd 
in /etc/shadow.

Jeff-

Prev by Date: Re: [cobalt-security] One weird HaQ... have you seen this..
Next by Date: Re: SV: [cobalt-security] Re: ADVISORY: shadow file vulnerability:cause & workaround
Previous by thread: Re: [cobalt-security] One weird HaQ... have you seen this..
Next by thread: [cobalt-security] CMU Security problem [ /etc/shadow permissions ]

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index