RE: Authentication problem

From: Larmour, Jonathan <Jonathan.Larmour@dont-contact.us>
Date: Mon, 13 Oct 1997 14:42:56 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From: Duncan Anker
Sent: 13 October 1997 05:23
To: squid-users@nlanr.net
Subject: Authentication problem

Keeping a separate password file is not ideal, as I would like
everyone to be able to use the same password - so I thought I
could NFS mount the password file from our main UNIX server.

Argl.

I hope you realise the security implications of this. Every time your
squid does a lookup, your password file is sent over the network. The
passwords may be encrypted, but give me a packet sniffer, fast CPU,
crack, and 20MB of dictionary and it could easily be hacked.

It wouldn't ordinarily be so bad, but it will have the root password
in there, as well as luser's, which could be sniffed off the ethernet
anyway when they log in over the network.

I needed to do a similar thing, but for a different reason - nothing
to do with squid. I just ran a crontab which generated a different
password file every so often, but with things stripped out. (Well, in
my case, it was actually the passwords I was stripping out, but in
your case you could strip out your privileged users esp. root).

Jonathan L.
Origin, 323 Cambridge Science Park,Cambridge,UK. Tel:+44 (1223)
423355
 ---[ It is impossible to enjoy idling thoroughly unless one has ]---
 ------------[ plenty of work to do - Jerome K. Jerome ]-------------
Fight spam! http://spam.abuse.net/ These opinions ar
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNEIkIoYLUv2rigzBEQIeywCdGrxvDrW9dovYGxsgVrOf9azlUfcAn0g+
RzBVTmDE56G/+1qdw6ppCWov
=VCVE
-----END PGP SIGNATURE-----
Received on Mon Oct 13 1997 - 07:15:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:17 MST