Re: axspawn and security on the air

From: Thomas Osterried (vpv.gscb@ocpinfo.com)
Date: Wed May 28 2003 - 19:01:00 EEST

    > callsign and wreak havoc. If I require a password for user login, the
    > password is transmitted plaintext, right? Same situation as before.

    with our digi / mailbox db0tud, we do it this way:

    users have empty passwords.

    if we need to authenticate for administration (root access), we use
    the package "root"
    (see http://x-berg.in-berlin.de/cgi-bin/viewcvs.cgi/ampr/root/ for details).

    "md5root" uses an md5-based hashing algorithm like the one used by the bbs'es
    (dpbox, etc..). root is suid bit. if the challenge response is ok,
    a uid-0 shell is spawned. no plaintext password is transmitted.

    but be aware that ax25 sessions as well as tcp sessions could be overtaken
    by another user. on the other hand, it's ham community, not inet..

    73,
            - thomas
