[CentOS] PAM configuration?
Thomas Harold
thomas-lists at nybeta.comTue Jan 5 14:49:21 UTC 2010
- Previous message: [CentOS] PAM configuration?
- Next message: [CentOS] OT: piped greps with regex
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 1/5/2010 7:31 AM, Kai Schaetzl wrote: > For what do you need the hash? You don't supply the hash for logging in. > In the case of SSH login, you are correct that the hash is not used to login. But the attacker may find a way to read the hash out of the /etc/shadow file, or the same password is used in other places and also stored with a md5 hash. A lot of things would have to go wrong for a remote attacker to get access to /etc/shadow - but it's been known to happen. (Personally, I always move the SSH port to something other then 22 and we only allow authentication via public keys over the external port.)
- Previous message: [CentOS] PAM configuration?
- Next message: [CentOS] OT: piped greps with regex
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list