Alan Coopersmith wrote on 8/13/09 1:45 PM:
> Lloyd Chambers wrote:
>> On server startup, the server would generate a large random number
>> and write it in a file that is readable only by the owner of the
>> file (the user who started the server).
>>
>> Local commands, such as stop-domain, would read this file if it's
>> available and send the number as part of the authentication information
>> to the server. The server would accept either the normal
>> username/password authentication, or some special username along with
>> this number as the password.
>>
>> This allows anyone who can read the file to authenticate to the server.
>> Normally this would only be the user who owns the server and is running
>> on the same machine.
>>
>> First, see any holes with this approach?
>
> That sounds very much like the MIT-MAGIC-COOKIE authentication method
> available in the X Window System via the xauth command. Since that's
> been in use for 15 years, perhaps seeing just how close you are to that
> model would be interesting.
How would you like to see how close I am? I don't know MIT-MAGIC-COOKIE at all. Want to see the Java code?
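The scheme Lloyd describes, as an added example that is not part of the thread and not the GlassFish code he offers to show (written in Python rather than Java so the pieces fit in one file). Every name here is an assumption: `COOKIE_USER` stands in for the "special username", `admin.cookie` for the server's file, and the `{"admin": "hunter2"}` table is a constructed credential store. Beyond the thread's own description, it adds the checks a practitioner would want around such a file: the token comes from a CSPRNG, the file is created with mode 0600 at creation time (no chmod window) and with `O_EXCL` so a pre-planted file is refused, the client refuses a cookie file that is not owned by it or is readable by group/other, and the server compares the token in constant time.

```python
"""Added example: a local "magic cookie" auth file for an admin server.

Server side generates a large random token and stores it in a file only
its owner can read; a local command reads that file and presents the
token as the password for a special username. All names are hypothetical.
"""
import hmac
import os
import secrets
import stat
import tempfile

COOKIE_USER = "__local_admin"   # hypothetical "special username"
TOKEN_BYTES = 32                # 256 bits of randomness


def write_cookie(path: str) -> str:
    """Server side: generate a fresh token and store it in a 0600 file."""
    token = secrets.token_hex(TOKEN_BYTES)
    # Remove a stale cookie from a previous run, then create the file
    # exclusively with mode 0600 so there is never a window in which
    # another user could read it or have substituted their own file.
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(token)
    return token


def read_cookie(path: str) -> str:
    """Client side (what stop-domain would do): read the token, but refuse
    a file that is not a private regular file owned by this user. Once any
    other user can read or replace it, the token no longer proves "same
    user on the same machine"."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("cookie file is not a regular file")
    if st.st_uid != os.getuid():
        raise PermissionError("cookie file is not owned by this user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("cookie file is accessible by group/other")
    with open(path) as f:
        return f.read().strip()


class Server:
    """Accepts either normal username/password or the special user + cookie."""

    def __init__(self, cookie_path: str, users: dict):
        self._cookie = write_cookie(cookie_path)
        self._users = users   # constructed {username: password} table

    def authenticate(self, username: str, password: str) -> bool:
        if username == COOKIE_USER:
            # Constant-time comparison so response timing cannot leak the token.
            return hmac.compare_digest(password.encode(), self._cookie.encode())
        expected = self._users.get(username)
        return expected is not None and hmac.compare_digest(
            password.encode(), expected.encode())


def demo() -> dict:
    """Run the whole exchange in a temp dir and report each outcome."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "admin.cookie")
        server = Server(path, {"admin": "hunter2"})   # constructed credential
        token = read_cookie(path)
        return {
            "cookie_ok": server.authenticate(COOKIE_USER, token),
            "cookie_wrong": server.authenticate(COOKIE_USER, "0" * 64),
            "password_ok": server.authenticate("admin", "hunter2"),
            # the cookie is only valid for the special user, not as admin's password
            "cookie_as_admin": server.authenticate("admin", token),
        }


if __name__ == "__main__":
    print(demo())
```

The client-side permission check is the part most often left out: the server writing the file as 0600 is necessary, but a client that will happily read a 0644 copy of the same file tells you nothing about who else has seen the token, so the reader refuses such a file outright.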