Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Jamie Heilman
Nick Boyce wrote: > Yep - that's just the sort of thing I had in mind - I can't see a > problem with it if all the new GID does is grant read access to the > tcp wrappers config files. [ I just realized one more ingredient > required is to make the relevant service daemons sgid tcpwrap as well > a

unsubscribe

2002-08-30 Thread Fischer Tibor

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Dale Amon
On Fri, Aug 30, 2002 at 01:47:52AM -0700, Jamie Heilman wrote: > All that aside, if you run a fairly modest server without too many > oddball requirements, you can probably make the supplementary groups > hack work with relatively low pain. You've bought yourself a bit more > maintenance overhead,

Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Jan-Hendrik Palic
Hi all .. I have a small problem, I am working on migrating an apache virtual web server with 80-120 virtual servers from a solaris to a linux machine. I played around with /etc/passwd or /etc/shadow but I saw, that seems not to be easy to get it work. What I want is, that the users have the s

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Edward Guldemond
On Thu, Aug 29, 2002 at 02:51:14AM +0100, Nick Boyce wrote: > > I decided to start locking down permissions on "sensitive" files on a > recently installed Woody box, and discovered that when I changed the > permissions on "hosts.allow" (and "hosts.deny") to 640 then I could no > longer Telnet into

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Mike Renfro
On Fri, Aug 30, 2002 at 01:06:22PM +0200, Jan-Hendrik Palic wrote: > I have a small problem, I am working on migrating an apache virtual web > server with 80-120 virtual servers from a solaris to a linux machine. > > I played around with /etc/passwd or /etc/shadow but I saw, that seems > not to b

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Joe Moore
Nick Boyce wrote: > On Thu, 29 Aug 2002 08:37:15 -0600 (MDT), Joe Moore wrote: >>Another option would be to create a group, for example called >>"tcpwrap". Add >>tcpwrap:x:150:telnetd, sshd, irc, identd >>(This list is based on the users in /etc/passwd which appear to be for >>services that would b

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Steve Mickeler
The shadow file format between linux and solaris are different, but as long as you have the crypt() portion from the solaris shadow file, you can put it in the linux shadow file. example linux /etc/shadow entry: joeuser:YxlYT1esV4yz2:11474:0:9:7::: example solaris /etc/shadow entry: joeuse

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Jan-Hendrik Palic
Hi .. thnx for the reply ... On Fri, Aug 30, 2002 at 11:24:20AM -0400, Steve Mickeler wrote: >The shadow file format between linux and solaris are different, but as >long as you have the crypt() portion from the solaris shadow file, you can >put it in the linux shadow file. > >example linux /et

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Peter Samek
On Fri, Aug 30, 2002 at 05:42:51PM +0200, Jan-Hendrik Palic wrote: [..] > I have created a user test with pass test on Linux and Solaris: > > /etc/shadow on Linux: > test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 > > /etc/shadow on Solaris: > test:TCs9gC4bJy8rg:11929:

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Vincent Hanquez
On Fri, Aug 30, 2002 at 05:42:51PM +0200, Jan-Hendrik Palic wrote: > I have created a user test with pass test on Linux and Solaris: > > /etc/shadow on Linux: > test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 > > /etc/shadow on Solaris: > test:TCs9gC4bJy8rg:11929:: >

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Anne Carasik
This one time, Vincent Hanquez wrote: > > /etc/shadow on Linux: > > test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020 > > > > /etc/shadow on Solaris: > > test:TCs9gC4bJy8rg:11929:: > > > > the hashes are quite different .. ;( > > you use MD5 password on your linuxbox. >

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Steve Mickeler
That's because linux is using MD5 and solaris is only using crypt. You can use the crypt string from solaris in linux, but you cannot use the MD5 string from linux in solaris. On Fri, 30 Aug 2002, Jan-Hendrik Palic wrote: > Hi .. > > thnx for the reply ... > > I have created a user test with pa

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Steve Mickeler
Your solaris hashes aren't MD5. > Isn't this a security list? :) Why would anyone downgrade a hash? > All my hashes are MD5 based, and I haven't had a problem copying > password hashes out of Solaris. > > -Anne > -- > .-"".__."``". Anne Carasik, System Administrator > .-.--. _...

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Jan-Hendrik Palic
Hi .. On Fri, Aug 30, 2002 at 12:04:15PM -0400, Steve Mickeler wrote: >Your solaris hashes aren't MD5. is it not possible to upgrade to MD5 on Solaris? >> Isn't this a security list? :) Why would anyone downgrade a hash? >> All my hashes are MD5 based, and I haven't had a problem copying >> pa

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Anne Carasik
This one time, Jan-Hendrik Palic wrote: > On Fri, Aug 30, 2002 at 12:04:15PM -0400, Steve Mickeler wrote: > >Your solaris hashes aren't MD5. > is it not possible to upgrade to MD5 on Solaris? Would PAM for that? I'm not sure if I made my Debian box with MD5 then.. *sigh* -Anne -- .

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Philippe Troin
Jan-Hendrik Palic <[EMAIL PROTECTED]> writes: > Hi .. > > > On Fri, Aug 30, 2002 at 12:04:15PM -0400, Steve Mickeler wrote: > >Your solaris hashes aren't MD5. > > is it not possible to upgrade to MD5 on Solaris? AFAIK Solaris does not support MD5. I wrote a PAM module that exactly does that..

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Jamie Heilman
> He can probably reduce the pain somewhat by using cfengine to > rewrite protections and ownerships. That way if he updates the > next cfengine run will set everything to spec. Otherwise his > life will be an eternal priv violation chase. That's an idea, increased security vis-a-vis increased infr

Re: cryptoloop confusion [repost]

2002-08-30 Thread Jeff
Jeff, 2002-Aug-29 12:29 -0700: > Pedro Diaz Jimenez, 2002-Aug-28 01:25 +0200: > > -BEGIN PGP SIGNED MESSAGE- > > > > > > If all you want is file system encryption you can try the loop-AES patch > > > http://loop-aes.sourceforge.net/ > > > > > > I used it for a long time on my laptop and it'

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Jamie Heilman
Joe Moore wrote: > As to your later message: > setgroups() and initgroups() are not necessary. Already UID telnetd is able > to write to /var/run/utmp because of its membership in GID utmp. Huh? > If they run as a user not listed for tcpwrap (such as an interactive > user), they will not be a

Re: cryptoloop confusion [repost]

2002-08-30 Thread Peter Cordes
On Fri, Aug 30, 2002 at 02:20:36PM -0700, Jeff wrote: > > Does anyone know how I can create an encrypted filesystem on a file in > my home directory, non-root? I'm using the loop-aes system and I can > create everything but I have to chown the file and mount point to > change the owner and group

Re: Converting Users from Solaris to (Debian-)Linux

2002-08-30 Thread Hubert Chan
> "Steve" == Steve Mickeler <[EMAIL PROTECTED]> writes: Steve> That's because linux is using MD5 and solaris is only using crypt. Also, note that even using crypt under Linux, the hashes could be different. The first two characters are a salt, which is added to the password when it gets hashe