*BSD News Article 97672



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.syd.connect.com.au!news.bri.connect.com.au!corolla.OntheNet.com.au!not-for-mail
From: Tony Griffiths <tonyg@OntheNet.com.au>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Root Access
Date: Mon, 16 Jun 1997 14:48:13 +1000
Organization: On the Net (ISP on the Gold Coast, Australia)
Lines: 23
Message-ID: <33A4C58D.365F@OntheNet.com.au>
References: <33A0DBC3.3098@v-m.com> <33A1FD83.4D94@OntheNet.com.au> <33A31FD2.6592@dca.net>
Reply-To: tonyg@OntheNet.com.au
NNTP-Posting-Host: swanee.nt.com.au
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.0 (WinNT; I)
To: roehsler@dca.net
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:42861

Peter Roehsler wrote:

> > (a) use skeys to login as a privileged user
>           ^^^^^
> 
> Tony,
> 
> What are these?
 
# apropos skey
# man skey
  etc.

Basically, the S/key system allows privileged login without having to
send a cleartext password across the network.  The password that is sent
is useful for a single login only (i.e. if someone else tries to use it
again, it will fail).

To be absolutely secure, the password generation needs to be done on the
local machine, _NOT_ the remote one because this involves a password
that is reusable!

Tony
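
Added example, not part of the original post and not the FreeBSD skey code: a minimal S/Key-style hash chain showing why a captured one-time password fails on reuse and why the passphrase has to stay on the local machine. Assumptions: SHA-256 truncated to 64 bits stands in for the real S/Key hash, and the names `step`, `otp`, `Server` and `demo`, the seed and the passphrase are all constructed for illustration.

```python
import hashlib
import hmac

def step(value: bytes) -> bytes:
    # One-way function. ASSUMPTION: SHA-256 cut to 64 bits stands in for the
    # hash a real S/Key implementation uses.
    return hashlib.sha256(value).digest()[:8]

def otp(passphrase: str, seed: str, count: int) -> bytes:
    # Runs on the LOCAL machine only: the passphrase never leaves it.
    value = step((seed + passphrase).encode())
    for _ in range(count):
        value = step(value)
    return value

class Server:
    # Stores only the last accepted one-time password, never the passphrase.
    def __init__(self, seed: str, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self):
        # Sent in the clear: which link of the chain the user must produce.
        return self.count - 1, self.seed

    def login(self, response: bytes) -> bool:
        if self.count == 0:
            return False  # chain used up; must be re-initialised
        if not hmac.compare_digest(step(response), self.last):
            return False  # wrong value, or a replay of an old one
        self.last = response  # next login must hash to this value
        self.count -= 1
        return True

def demo():
    secret, seed = "constructed passphrase", "ke1234"  # constructed samples
    server = Server(seed, 100, otp(secret, seed, 100))
    n, s = server.challenge()
    sniffed = otp(secret, s, n)        # what crosses the network
    first = server.login(sniffed)      # legitimate login
    replay = server.login(sniffed)     # eavesdropper reuses it
    n2, _ = server.challenge()
    second = server.login(otp(secret, s, n2))
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```

If `otp` were run on the remote host instead, the passphrase itself would have to be typed across the network, which is the reusable secret the scheme exists to protect.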