[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] One weird HaQ... have you seen this..
- Subject: Re: [cobalt-security] One weird HaQ... have you seen this..
- From: Jeff Bilicki <jeff@xxxxxxxxxxx>
- Date: Wed, 13 Feb 2002 13:08:17 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>> Suggestions:
>> - When importing with CMU use the -p option so all the password will be
>> changed, also change the default password in /etc/cmu/cobaltBase.xml
>> (userPasswd).
> Thanks for some great suggestions, Jeff. I'm a bit confused over what
> the -p option does <frown>. Does it change all passwords to the value
> of userPasswd?
Yes it does, when CMU adds the user to the system the password in
userPasswd is used, since CMU does not know the plain text password.
After all the users are added, CMU then changes the user entries
in /etc/shadow to the crypt or md5 password stored in the cmu.xml
file (this is where the secuirty problem was). When cmuImport is
run with the -p option it will not replace the userPasswd
in /etc/shadow.
Jeff-