[TriLUG] LDAP Question
Michael Alan Dorman
20 Aug 2002 14:12:38 -0400
Tanner Lovelace <email@example.com> writes:
> Actually, any time the password goes over the net it *should* be
> encrypted (if not, it's a HUGE security hole).
Uh, yeah. :-)
> The main reason I went with kerberos was that it almost never sends
> passwords of any kind over the network. Also, anything it does send
> over the network expires in a short amount of time. So, if someone
> does capture something, it's still only good for about 4 hours,
> which is hopefully shorter than it would take to brute force decrypt
Oh, yeah, I agree entirely. All my access in the project I'm working
on is over localhost, and always will be, so I've been able to be not
quite so diligent.
Did you find any particularly good source for Kerberos info? I've
looked from afar for, well, _years_, and never found anything that
seemed to remove the mystery---and I learned how to do OO-perl from
the perl 5.001 manpages, so I'm not an idiot when it comes to
Twisted, maybe, but not incapable. :-)
> Doh! I hadn't even looked at that. :-)
I wasn't sure if you were intending to make a joke or not...
> > I'll see if I can't get something by the end of the week. I kind of
> > need these for other uses, so this is as good an excuse as any.
> Cool! Thanks very much!
Not a problem. It may actually take the weekend, we'll see.
> > Has anyone ever actually seen a /etc/default/useradd file in the
> > wild? Anyone know the format? Ideally I'd be able to pull the
> > same defaults information as regular useradd, but nothing seems to
> > document the format the defaults are stored in...and I'm not
> > sufficiently motivated to go grovelling through source right at
> > the moment...
> Well, you could pull a source rpm from redhat, use rpm2cpio to
> extract it and then tar/gunzip the source and look at what it does?
Didn't quite make it to my last sentence, did we? :-)
Actually, I found (on one of the redhat boxes I administer :-) an
/etc/defaults/useradd that looks populated, and it should be a piece
of cake to parse.