I had a security hole that let a hacker get access to my passwd file one time.

I wasn't using shadow passwords because I thought the machine only would have 
authorized users.

Within 48 hours of the hole being announced on a security website, they had my root 
password.  i.e. they unencrypted it.

Fortunately, they were not smart enough to do any real damage.  They just filled my 
website with links to porn sites.

 >>  is crypt that bad? :)

 >>  anyways, gonna put the pam_smbpass to work first !

 >>  thanks
 >>  Daniel Provin
 >>  Linux User #191271
 >>  EEL LABMETRO UFSC

 >>  On 22 Feb 2003, Bradley W. Langhorst wrote:

 >>  > On Sat, 2003-02-22 at 15:55, Daniel Provin wrote:
 >>  > > okay
 >>  > >
 >>  > > so, I just need to activate the pam_smbpass module to keep the smbpass with
 >>  > > the last password
 >>  > >
 >>  > > but is there any way to build an initial list of passwords from
 >>  > > unix passwords?
 >>  > well
 >>  > you could crack all your users' passwords...
 >>  > probably wouldn't take more than a few weeks if you're using crypt.
 >>  >
 >>  > seriously - i don't know an easy way to deal with this problem.
 >>  > You might be able to configure pam to update the samba password upon
 >>  > login.
 >>  > or put the smbpasswd program into the logon script so that your users
 >>  > change it when they log in
 >>  >
 >>  > brad
 >>  > --
 >>  > Bradley W. Langhorst <[EMAIL PROTECTED]>
 >>  >

 >>  -- 
 >>  To unsubscribe from this list go to the following URL and read the
 >>  instructions:  http://lists.samba.org/mailman/listinfo/samba