Seeking alternative to Linux passwds

Post by Chris Hamilt » Wed, 21 Dec 1994 20:05:09



I've got a Linux box that is connected to a Novell server-based
ethernet, and I have a password problem.  Our Novell file server
is set up to force users to change passwords every 30 days.  On
the Linux box, each user has yet another password, which they
*also* have to change (30 days is company CIS policy).  This is
an annoyance, at best.

I know that you can set up a secondary user authentication program
to be used by linux during login, in lieu of the normal linux
password.. ('usermod -A method login').  What I'd like to do is
set up a program that would let the Novell file-server authenticate
the user/password.  That way, users would only have one password
to change.

Does anyone know of such a utility?  Are there any big security
pitfalls I should look out for in trying to implement this?

Cham

--
------------------------------------------------------
Chris (Cham) Hamilton            
BDM Engineering Services Co

------------------------------------------------------

 
 
 


Post by Stephen S. Sand » Sat, 24 Dec 1994 07:10:12


[deleted text]
: >I know that you can set up a secondary user authentication program
: >to be used by linux during login, in lieu of the normal linux
: >password.. ('usermod -A method login').  What I'd like to do is
: >set up a program that would let the Novell file-server authenticate
: >the user/password.  That way, users would only have one password
: >to change.
: >
: >Does anyone know of such a utility?  Are there any big security
: >pitfalls I should look out for in trying to implement this?
: >
: >Cham
: >

I hope someone has an answer; I'll soon (I hope I can get the Linux box
to work on the new Ethernet...) have the same dilemma.

Thanks in advance, Steve.

--
----------------------------------------------------------------------------

Academic Computer Center, Westbrook College, Portland, Maine
"There are only two things in life, but I forget what they are." -John Hiatt

 
 
 


Post by Chris Hamilt » Sat, 24 Dec 1994 03:28:16



>I hope someone has an answer; I'll soon (I hope I can get the Linux box
>to work on the new Ethernet...) have the same dilemma.

So far, I've gotten little more than blank stares and furrowed brows.
Seems like no one's ever tried to level passwords on heterogenous
networks w/o using a distributed operating system.  Hard to imagine!

>Thanks in advance, Steve.

No problem.  I'll certainly forward whatever I find to you.  (But don't
hold your breath.)

It seems one of the biggest problems is how to secure the transmission
of the uid/pwd from the linux box to the Novell server.  Obviously, it
can't be sent unencrypted...  Anyone listening to the network could
grab the packet w/o fear of detection.  Aside from that, I don't see
any reason it *can't* be done--question is, *HAS* it been done?

--
------------------------------------------------------
Chris (Cham) Hamilton            
BDM Engineering Services Co

------------------------------------------------------

 
 
 


Post by Mike Moret » Sat, 24 Dec 1994 22:07:37


: >Does anyone know of such a utility?  Are there any big security
: >pitfalls I should look out for in trying to implement this?

: Was this a completely inappropriate question for this newsgroup?
: Or was it just too weird?  Or did my post not get propagated?

Probably (2).

Of course, forcing users to regularly change their passwords is a very
large security hole, as this encourages them to write them down.  Try
looking in people's diaries under their birth date!

--
All present and future standard disclaimers apply

 
 
 


Post by Chris Hamilt » Fri, 23 Dec 1994 20:21:43



>I've got a Linux box that is connected to a Novell server-based
>ethernet, and I have a password problem.  Our Novell file server
>is set up to force users to change passwords every 30 days.  On
>the Linux box, each user has yet another password, which they
>*also* have to change (30 days is company CIS policy).  This is
>an annoyance, at best.

>I know that you can set up a secondary user authentication program
>to be used by linux during login, in lieu of the normal linux
>password.. ('usermod -A method login').  What I'd like to do is
>set up a program that would let the Novell file-server authenticate
>the user/password.  That way, users would only have one password
>to change.

>Does anyone know of such a utility?  Are there any big security
>pitfalls I should look out for in trying to implement this?

>Cham

Was this a completely inappropriate question for this newsgroup?
Or was it just too weird?  Or did my post not get propagated?

--
------------------------------------------------------
Chris (Cham) Hamilton            
BDM Engineering Services Co

------------------------------------------------------

 
 
 


Post by Frederick W. Reim » Sat, 24 Dec 1994 15:33:38


: It seems one of the biggest problems is how to secure the transmission
: of the uid/pwd from the linux box to the Novell server.  Obviously, it
: can't be sent unencrypted...  Anyone listening to the network could
: grab the packet w/o fear of detection.  Aside from that, I don't see
: any reason it *can't* be done--question is, *HAS* it been done?

Probably the only way it CAN be done (having Linux verify Novell
passwords or Novell validate Linux passwords) is to have Linux use a
subset of the Novell login process for password validation.  Apparently,
you can modify the Linux login process to use a different algorithm.  You
would have a harder time getting Novell to do the same (to say the
least).

In order to do this, the programmer would have to know the details of the
NCP process for a file server attachment.  A complete login would be
unnecessary.  You would also need to know the password encryption
algorithm used in Novell logins (anyone who is still using unencrypted
passwords on their Novell LANs is looking for trouble if you have to
worry about sniffers).

As far as the uids and stuff, that would be unnecessary.  Simply use the
Linux login name as the Novell login name.

Fred Reimer
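
The concern raised in this thread, validating a password against a remote server without sending it in the clear, is commonly met with a challenge-response exchange. The sketch below is an added example, not code from any poster and not Novell's NCP login algorithm: it swaps in PBKDF2 and HMAC-SHA256, and `FileServer`, `client_response` and `login` are hypothetical names.

```python
import hashlib
import hmac
import secrets


def derive_key(password: str, salt: bytes) -> bytes:
    # Slow KDF so a captured exchange is expensive to guess offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class FileServer:
    """Hypothetical stand-in for the remote server that owns the accounts."""

    def __init__(self):
        self.accounts = {}  # login name -> (salt, key); key is password-equivalent
        self.pending = {}   # login name -> outstanding one-time nonce

    def set_password(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str):
        # Unknown users still get a challenge; verify() rejects them later.
        salt = self.accounts.get(user, (secrets.token_bytes(16), None))[0]
        nonce = secrets.token_bytes(32)
        self.pending[user] = nonce
        return salt, nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # single use: a replay finds nothing
        account = self.accounts.get(user)
        if nonce is None or account is None:
            return False
        expected = hmac.new(account[1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    # Runs on the Linux box; only this value crosses the wire, never the password.
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def login(server: FileServer, user: str, password: str) -> bool:
    # Same login name on both sides, as suggested in the thread.
    salt, nonce = server.challenge(user)
    return server.verify(user, client_response(password, salt, nonce))
```

A sniffer on the wire sees only the salt, the nonce and the response, and a captured response cannot be replayed because each nonce is consumed on first use.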

 
 
 
