Bugtraq mailing list archives

[John Adams: Re: Why are we using priveleged images / state so


From: peiterz () BBN COM (Peiter Zatko)
Date: Mon, 10 Jul 1995 16:50:36 EDT


But then remote administration goes all to hell. Secure external
access methods (Skey, SecureID, et al.) could be used to admin the
machines remotely, but the initial setup would cost a considerable
amount of time.

On a slightly different topic. But since S/Key was mentioned...

Almost all of the S/Key packages I've seen have a problem (actually
there are a couple of problems with s/key but the pros still outweigh
the cons).

The installation sets the /etc/skeykeys file to a world readable mode
( 644 ). This seems to be the case in both Bellcore and Wietse's packages.

Needless to say that on a system using shadowed passwords and having most
of their users using s/key... This defeats the benefits of having
a shadowed password system in the first place.

The only thing I see changing this file to a more rational mode (i.e. 600)
would break is the keyinfo program. Not much of a loss in my eyes.

PeiterZ
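
A defensive check for the condition described in the post, as an added example that is not part of the original message: it flags an S/Key database that grants any access to group or other, and can reset it to the 600 mode suggested above. The function names are hypothetical; the default path /etc/skeykeys is the one named in the post.

```shell
#!/bin/sh
# Added example: audit the mode of an S/Key key database.
# Function names are hypothetical; /etc/skeykeys is the path named in the post.

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# 0 = no group/other access, 1 = group or other has access, 2 = cannot stat.
skeykeys_is_private() {
    mode=$(file_mode "$1") || return 2
    [ -n "$mode" ] || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    [ $(( 0$mode & 077 )) -eq 0 ] || return 1
    return 0
}

# Report the finding in one line; exit status mirrors skeykeys_is_private.
audit_skeykeys() {
    f=${1:-/etc/skeykeys}
    rc=0
    skeykeys_is_private "$f" || rc=$?
    case $rc in
        0) echo "OK: $f is mode $(file_mode "$f")" ;;
        1) echo "WEAK: $f is mode $(file_mode "$f"), accessible beyond its owner" ;;
        *) echo "SKIP: cannot stat $f" ;;
    esac
    return $rc
}

# Apply the mode suggested in the post. Per the post, keyinfo is the one
# program expected to stop working for ordinary users afterwards.
harden_skeykeys() {
    chmod 600 "${1:-/etc/skeykeys}"
}
```

Run `audit_skeykeys` with no argument to check the default path, or pass another path if the package installs its database elsewhere.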


