no password shadowing?

lethe

it seems to me that OSX with netinfo lacks the basic security provided by password shadowing, which has been industry default for a long time. try it:
Code:
nidump passwd .

i see encrypted passwords there, and i'm not root. for a long time i've been thinking about turning netinfo off, and using my more familiar flat files. i don't worry about security much (i have no users on my computer, and my network is firewalled), but perhaps i will put this factor on the list.
 
You are correct: by using NetInfo, encrypted passwords are exposed, making it more important to choose a good one.
Some of the files for better /etc password management are there (/etc/master.passwd for example), but without messing with the way authentication works, they aren't used. You could probably set up FFAgent to be searched before NIAgent for lookupd's users search, then migrate to /etc files, but I really couldn't say if this would cause problems elsewhere... see man lookupd if you're curious.
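
A way to audit the exposure discussed in this thread, as an added example that is not part of either post: it reads passwd-format lines and lists the accounts whose password field holds a real hash rather than a placeholder. The function names, the sample accounts and hash strings, and the assumption that the dump is colon-separated with the name in field 1 and the password in field 2 are all constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose password hash is readable by the caller.
# Assumption: input is colon-separated, field 1 = account name,
# field 2 = password field (the layout shared by passwd and master.passwd).

# Print the names of accounts whose password field holds an actual hash.
# Placeholders that carry no hash are skipped: empty, "x" (shadowed),
# and anything starting with "*" or "!" (no-login / locked markers).
exposed_hash_accounts() {
    awk -F: '
        /^#/ || NF < 2        { next }   # comments and malformed lines
        $2 == "" || $2 == "x" { next }   # no password / shadow placeholder
        $2 ~ /^[*!]/          { next }   # locked or no-login marker
        { print $1 }
    '
}

# Constructed sample dump; the hash strings are made up, not real hashes.
sample_dump() {
    cat <<'EOF'
# constructed sample, master.passwd-style layout
nobody:*:-2:-2::0:0:Unprivileged User:/dev/null:/dev/null
root:*:0:0::0:0:System Administrator:/var/root:/bin/tcsh
daemon:*:1:1::0:0:System Services:/var/root:/dev/null
alice:Xy3kQp0cExAmPl:501:20::0:0:Alice Example:/Users/alice:/bin/tcsh
bob:Zz9ConStrUcTed:502:20::0:0:Bob Example:/Users/bob:/bin/tcsh
EOF
}

# Run as an ordinary (non-root) user: every name printed is an account
# whose hash that user can read.
# Live use on the system from the post: nidump passwd . | exposed_hash_accounts
sample_dump | exposed_hash_accounts
```

An empty result when run unprivileged is what a shadowed setup looks like; any names listed are accounts for which password strength is the only remaining protection.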
 