****Re: ****Re: Linux Administration - Users in (any) database howto/why...

[Craig White]

On Fri, 2009-01-02 at 16:40 -0700, Joe wrote:
> Good point on TLS. The /etc/ldap.secret is where I had the problem. If 
> you put that file on an end users machine, wouldn't they be able to boot 
> into single user mode or sudo and read that file? Doesn't that file 
> provide the keys to the kingdom? Once you have full read access to the 
> directory. can't you read all the user id's and hashes and gain access 
> to every other system? Sorry if this was already a hackfest activity and 
> I missed it.
----
sure...but if you can boot into runlevel 1, you simply make a user copy
of /etc/shadow and run a password cracker on that - should be trivial
enough to get root password from that too.

Awful easy to boot Windows with CD that resets local Administrator
password too.

Basically, a computer is an insecure device unless locked in a closet
where no hands can touch and no network to access it.

Craig