On Fri, 6 Oct 2000, Nalin Dahyabhai wrote:

> On Fri, Oct 06, 2000 at 01:32:26PM -0500, Steve Langasek wrote:
> > It's somewhat worrying that nss_ldap is returning the user's password as part
> > of the passwd struct. This suggests to me that there is at least a possible
> > insecurity with nss_ldap: what happens if a non-privileged user calls
> > getpwnam() for some other user's account (or root's!) that's stored in LDAP?
> > Perhaps the authors of nss_ldap had a reason for allowing the password to be
> > returned, but I can't imagine what that would be.

> Hiding the information when it's in LDAP so that nss_ldap doesn't see it
> all by default requires configuring access controls which aren't there
> by default. There's a good paper about doing this on HP-UX at
> 'http://docs.hp.com/hpux/onlinedocs/internet/ldap_integration.pdf'. (Even
> though it's an HP-UX paper, the parts which cover the server-side issues
> are applicable to just about any directory.)

That's certainly true. However, what should nss_ldap's behavior be if the
LDAP server has *not* been properly secured? In some cases, nss_ldap could
make it easier for someone to gain access to these passwords.

OTOH, anyone who could get at the passwords using nss_ldap could probably
also get at them without using it, and the fact that nss_ldap doesn't hide
anything may be useful in debugging... with the side effect that it doesn't
give the expected behavior with pam_unix.

<shrug>

Steve Langasek
postmodern programmer
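The exposure discussed in this thread can be checked from the client side: run as an unprivileged user, walk the NSS passwd database and flag any entry whose pw_passwd field carries something other than a shadow placeholder. The script below is an added example, not code from the thread, from nss_ldap or from the HP-UX paper. The placeholder set and hash patterns are assumptions about common Unix backends, and the access-control line in the comment assumes an OpenLDAP-style slapd.conf, which the thread does not name.

```python
import pwd
import re

# Values a correctly configured NSS source puts in pw_passwd when the real
# credential lives elsewhere (shadow, or an LDAP attribute the client cannot
# read). Assumption: this set covers the usual Unix placeholders.
PLACEHOLDERS = {"x", "*", "!", "!!", "", "NP", "*NP*", "*LK*"}

# Shapes that indicate actual password material was returned.
HASH_PATTERNS = (
    re.compile(r"^\{[A-Za-z0-9-]+\}"),    # LDAP prefixed hash, e.g. {SSHA}...
    re.compile(r"^\$[0-9a-z]+\$"),        # crypt(3) modular format, e.g. $1$, $6$
    re.compile(r"^[./0-9A-Za-z]{13}$"),   # traditional 13-character DES crypt
)


def classify_pw_field(pw_passwd):
    """Return 'hidden', 'hash' or 'unknown' for one pw_passwd value.

    A leading '!' or '*' is a lock marker; a hash behind it is still a hash,
    so the marker is stripped before pattern matching."""
    if pw_passwd in PLACEHOLDERS:
        return "hidden"
    stripped = pw_passwd.lstrip("!*")
    if stripped == "":
        return "hidden"
    if any(p.match(stripped) for p in HASH_PATTERNS):
        return "hash"
    return "unknown"


def exposed_entries(entries):
    """Given (name, pw_passwd) pairs, return the names whose password field
    is not a placeholder. 'unknown' values are reported too, since anything
    that is not a known placeholder deserves a look."""
    return [name for name, field in entries if classify_pw_field(field) != "hidden"]


def audit_system():
    """Run the check against the live NSS configuration. pwd.getpwall() walks
    every source listed in nsswitch.conf, so nss_ldap is covered when it is
    configured. Run this as an ordinary, non-root user: root can usually read
    hashes anyway, and the question in the thread is what everyone else sees."""
    return exposed_entries((e.pw_name, e.pw_passwd) for e in pwd.getpwall())


# Constructed sample entries for offline use; not taken from any real system.
SAMPLE_ENTRIES = [
    ("alice", "x"),                                      # files + shadow: hidden
    ("bob", "{SSHA}YWJjZGVmZ2hpamtsbW5vcA=="),           # userPassword came back
    ("carol", "$1$saltsalt$abcdefghijklmnopqrstuv"),     # crypt hash came back
    ("dave", "*"),                                       # no password: hidden
    ("erin", "!$6$saltsalt$abcdefghijklmnopqrstuv"),     # locked, hash still visible
]

# Server-side fix the thread points at (assumed OpenLDAP slapd.conf syntax):
# access to attrs=userPassword
#     by self write
#     by anonymous auth
#     by * none
# With this in place the directory never hands userPassword to the nss_ldap
# bind identity, and pw_passwd falls back to a placeholder.

if __name__ == "__main__":
    print("sample entries exposing password material:", exposed_entries(SAMPLE_ENTRIES))
    print("entries exposing password material on this host:", audit_system())
```

The audit only proves exposure at the client; a clean result for the bind identity nss_ldap uses does not show that other directory clients are restricted, so the ACL on the server is the control to verify, not the client output alone.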