[TriLUG] security vs. services @ trilug.org

Tanner Lovelace lovelace at wayfarer.org
Thu May 9 10:23:27 EDT 2002


On Thu, 2002-05-09 at 10:11, John F Davis wrote:
> Hello
> 
> err, I would imagine the admin has an account on the box.  I'm assuming the
> admin is the one changing passwords for a user on all boxes.
> I think (and I hate assuming what others think) that you meant the
> regular user was going to change their passwords.  I wasn't clear.  I meant
> the admin changing passwords
> for themselves or other users.
> 
> JD

Ah, in that case, yes you are correct.  The admin does have 
a shell account on the mail box.  I'm not sure, however,
how you would go about changing the password.  Could you please
explain a little bit more?

I think it's a bit more complicated than you think it is, but
I'm very often wrong. :-)

The main problem is that the passwords are stored in different
formats.  Passwords on a shell machine are stored as (generally)
md5 hashes in the /etc/shadow file.  Passwords for Cyrus IMAP
(when using sasldb) are stored in the /etc/sasldb file in clear
text!! (or as some method from which you can get clear text).
You can't get a clear text password from an md5 hash so I'm
having a hard time getting my head around how you would set
the imap password from it.

Or, if I've completely misunderstood and you're not talking about
linking the two, it seems that having the administrator login
do it through an expect script would open an even bigger
security hole. :-/

So, I think it's obvious that I'm completely confused by
your proposal, so please help me out here.. :-)  Thanks.

Tanner
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
 101010 - The Ultimate answer to Life, the Universe and Everything.
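
Added example, not part of the original message: a sketch of why the two stores described above cannot be derived from one another. It assumes the IMAP side uses a shared-secret challenge-response mechanism such as CRAM-MD5 (RFC 2195), uses PBKDF2 as a stand-in for the md5-crypt format in /etc/shadow, and every password, salt and challenge in it is constructed.

```python
import hashlib
import hmac

# Shell-style store: a salted one-way hash. PBKDF2 is a stand-in for
# md5-crypt here (assumption); the property shown is the same.
def make_shadow_entry(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def shadow_verify(candidate: str, salt: bytes, entry: bytes) -> bool:
    # The server can only re-hash what the user presents and compare.
    return hmac.compare_digest(make_shadow_entry(candidate, salt), entry)

# CRAM-MD5 digest: HMAC-MD5 keyed with the shared secret over the
# server's challenge. The password itself never crosses the wire.
def cram_md5_digest(secret: bytes, challenge: bytes) -> str:
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def cram_md5_server_check(stored_secret: bytes, challenge: bytes,
                          client_digest: str) -> bool:
    # The server must recompute the digest, so it needs the same secret
    # the client typed: this is why the store holds a recoverable value.
    expected = cram_md5_digest(stored_secret, challenge)
    return hmac.compare_digest(expected, client_digest)

def demo() -> dict:
    password = "constructed-sample-pw"                # constructed
    salt = b"constructedsalt"                         # constructed
    challenge = b"<1896.697170952@mail.example.org>"  # constructed

    shadow_entry = make_shadow_entry(password, salt)
    client_digest = cram_md5_digest(password.encode(), challenge)

    return {
        # Shell login: the hash is enough to verify a presented password.
        "shadow_login_ok": shadow_verify(password, salt, shadow_entry),
        # IMAP with the cleartext secret in the store: check succeeds.
        "cram_with_cleartext": cram_md5_server_check(
            password.encode(), challenge, client_digest),
        # IMAP with only the shadow hash copied over: check fails,
        # because the client keyed its HMAC with the real password.
        "cram_with_shadow_hash": cram_md5_server_check(
            shadow_entry, challenge, client_digest),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The only point at which both stores can be written consistently is when the cleartext is in hand, that is, at password-change time.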



