Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!tut.cis.ohio-state.edu!bloom-beacon!athena.mit.edu!treese
From: treese@athena.mit.edu (Win Treese)
Newsgroups: comp.unix.wizards
Subject: Re: Alternatives for Yellow Pages?
Keywords: YP alternatives, network security
Message-ID: <8774@bloom-beacon.MIT.EDU>
Date: 15 Jan 89 07:37:39 GMT
References: <6999@pyr.gatech.EDU> <747@genie.UUCP>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: treese@athena.mit.edu (Win Treese)
Organization: Massachusetts Institute of Technology
Lines: 27

In article <747@genie.UUCP> scooter@genie.UUCP (Scooter Morris) writes:
(in answer to a question about replacing YP)
>
>	[...]
>
>	So, we modified /bin/passwd so that insted of updating the
>	password database directly, it sends a packet to a password
>	daemon.  The password daemon (passwordd) updates the local
>	database, and queues up the change to any other machines which
>	are sharing the same uid scheme.  The changes are then sent
>	over TCP to the password daemon on each of the other machines
>	which, in turn, update their local databases....

How do you guarantee that the request to change a password is legitimate?
That is, can I spoof the password daemon as another user or from another
machine on the network that I control?

It seems that this system is vulnerable to a number of attacks, including
some that YP is also vulnerable to.

The design of a good network authentication system isn't entirely obvious,
but it's fairly well understood now.  A good start in the literature is
Needham & Schroeder's 1978 CACM paper on the subject (the system described
there is the basis of MIT Project Athena's Kerberos authentication system).

Win Treese					Cambridge Research Lab
treese@crl.dec.com				Digital Equipment Corporation