Re: squid proxy authentication.
- To: "Ariel Biener" <ariel(at-nospam)fireball.tau.ac.il>, "Linux-IL mailing list" <linux-il(at-nospam)cs.huji.ac.il>
- Subject: Re: squid proxy authentication.
- From: "Oded Arbel" <odeda-linux-il(at-nospam)betalfa.org.il>
- Date: Tue, 17 Jul 2001 13:08:43 +0200
- Organization: mailgw.netvision.net.il
- References: <Pine.LNX.4.21_heb2.09.0107171149240.15857-100000@fireball.tau.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Security-wise, isn't this the same thing?
Isn't the whole purpose of not making /etc/shadow world _readable_ to
prevent users other than root from reading the shadow file? By copying it
to a new file, you just move the problem, and don't solve it.
<disclaimer>
Not that I think that reading MD5 hashes of passwords can in any
*relevant* way deteriorate the system security.
</disclaimer>
Oded
--
X windows:
Putting new limits on productivity.
----- Original Message -----
From: "Ariel Biener" <ariel@fireball.tau.ac.il>
To: "Alon Barzilai" <alon@skyline.co.il>
Cc: <linux-il@cs.huji.ac.il>
Sent: Tuesday, July 17, 2001 10:51
Subject: Re: squid proxy authentication.
> On Tue, 17 Jul 2001, Alon Barzilai wrote:
>
> I never ask squid to authenticate from the /etc/passwd /etc/shadow files
> directly. What is done here (8000 users for authentication - academic
> staff) is that every 30 min, a file is updated under
> /usr/local/squid/etc/passwd, with the following fields:
>
> user:pass
>
> This file is used by the ncsa_auth for authentication. This file can be
> created by root, via a cron job, and you don't need to give squid or
> anyone else for this matter access to /etc/shadow.
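
Added example (not part of the thread, and not squid's own tooling): a sketch of the root cron job described above, written so that the copy is never world-readable, which is the concern raised in the reply. The function names, the `squid` group, the `--run` switch and the choice to skip root, locked and empty-password entries are assumptions.

```shell
#!/bin/sh
# Build the user:hash file read by ncsa_auth from a shadow-format file.
# Assumed names: build_squid_passwd, file_mode, group "squid", "--run".

# build_squid_passwd SHADOW_FILE OUT_FILE [GROUP]
build_squid_passwd() {
    shadow=$1
    out=$2
    group=${3:-}
    dir=$(dirname "$out")

    # mktemp creates the file with mode 0600. Creating it in the
    # destination directory makes the final mv an atomic rename, so the
    # proxy never sees a half-written or briefly world-readable file.
    tmp=$(mktemp "$dir/.passwd.XXXXXX") || return 1

    # Keep only fields 1 and 2. Skip root (assumed policy: the proxy has
    # no need for it), empty passwords, and locked entries ("!" or "*").
    awk -F: '$1 != "root" && $2 != "" && $2 !~ /^[!*]/ { print $1 ":" $2 }' \
        "$shadow" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Readable by root and, optionally, the proxy's group; never by "other".
    if [ -n "$group" ]; then
        chgrp "$group" "$tmp" || { rm -f "$tmp"; return 1; }
        chmod 640 "$tmp"
    else
        chmod 600 "$tmp"
    fi
    mv -f "$tmp" "$out"
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Called from root's crontab every 30 minutes as "<script> --run".
if [ "${1:-}" = "--run" ]; then
    build_squid_passwd /etc/shadow /usr/local/squid/etc/passwd squid
fi
```

With the group argument the file ends up root-owned with mode 640, so the hashes are exposed to the proxy's group and to nobody else on the host.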