[GLLUG] proftd and PAM
Matt Graham
danceswithcrows@usa.net
Mon, 29 Jul 2002 09:33:43 -0400
On Monday 29 July 2002 08:53, after a long battle with technology, Ex
Fed wrote:
> From what I understand, given the contents of /etc/passwords, it is
> possible for an individual to use this information, along with crypt
> and a dictionary or a brute force attempt to figure out what are your
> passwords.
Right, except "/etc/passwords" doesn't exist, and /etc/passwd doesn't
contain any password information in any Unix installation with a lick
of sense, and this brute force attack gets quite difficult if the users
are smart and they can use passwords > 8 characters (as is possible
with md5 passwords.) The user's encrypted password is stored in
/etc/shadow these days.
> Does PAM provide us with greater security (does it still use
> /etc/passwords or shadow passwords, and is it easy to configure with
> most software that supports it)?
PAM can do a fair number of things. "man pam.conf" for info, though the
page is a bit dry/technical/complex.
Remember that no authentication system in the world will protect your
users if they insist on writing their passwords down on Post-It notes
and sticking those notes to their monitors, or making the passwords the
same as their usernames.
--
People don't tend to get paid.
--MegaHAL, trained on Netizen's quotes file
There is no Darkness in Eternity/But only Light too dim for us to see
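
Added example, not part of the original message: a small audit of passwd/shadow-format text for the points made in the reply above (hashes left in the world-readable passwd file, and traditional DES crypt entries, which only use the first 8 characters of a password, versus `$1$` md5 entries). The sample entries and hash strings are constructed placeholders, and the function names `classify` and `audit` are hypothetical.

```python
# Added example: all sample entries are constructed; the hash strings are fake.
# Field layout assumed: name:password-field:... as in passwd(5) and shadow(5).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
legacy:abFAKEfakeFAK:1001:1001::/home/legacy:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUC$fakefakefakefakefakefa:11900:0:99999:7:::
alice:abFAKEfakeFAK:11900:0:99999:7:::
ftp:*:11900:0:99999:7:::
bob::11900:0:99999:7:::
"""

def classify(field):
    """Name the scheme of a passwd/shadow password field."""
    if field == "":
        return "empty"          # no password required
    if field == "x":
        return "shadowed"       # real hash lives in /etc/shadow
    if field[0] in "*!":
        return "locked"         # no usable hash, password login disabled
    if field.startswith("$1$"):
        return "md5"            # md5 crypt: characters past the 8th still count
    if field.startswith("$"):
        return "other-modular"  # some other $id$ scheme
    if len(field) == 13:
        return "des"            # traditional crypt: only the first 8 chars are used
    return "unknown"

def audit(passwd_text, shadow_text):
    """Return sorted (file, user, finding) tuples for weak configurations."""
    findings = []
    for name, text in (("passwd", passwd_text), ("shadow", shadow_text)):
        for line in text.splitlines():
            parts = line.split(":")
            if len(parts) < 2:
                continue        # blank or malformed line
            user, kind = parts[0], classify(parts[1])
            if name == "passwd" and kind in ("md5", "des", "other-modular"):
                findings.append((name, user, "hash in world-readable passwd"))
            if kind == "des":
                findings.append((name, user, "DES crypt, 8-char limit"))
            if kind == "empty":
                findings.append((name, user, "empty password field"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(*finding, sep=": ")
```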