On Tue, Dec 05, 2000 at 08:38:02PM -0500, Sam Varshavchik wrote:
> > With our users, probably at least 80% could be got in minutes by means of a
> > dictionary attack.
> And how is this different from using a dictionary attack, otherwise?
Well, as things are now, the service machines have no read access to the
userPassword field at all. Any dictionary attack would have to be active and
against individual accounts. This would generate a lot of LDAP traffic and
would show up in the logs. An active POP3 attack would be the same of
course, and would also generate logs.
Without this, a single LDAP query could be used to download the userPassword
field for every account; the attacker could then take this away and attack
it at his/her leisure.
> Presumably you do not allow anonymous binds
Correct. But should anyone get root on a POP3 machine, they would be able to
read Courier's config file (or Exim's config file in the case of an SMTP
receiver), and then be able to bind and search.
> and only a superuser password
> allows access to the password field.
No read access to the password field at all.
Of course, someone who has attacked a service machine can then attack the
LDAP servers (they are on an RFC1918 network behind, along with the
Netapps), but I do think that it's a useful increase in security, comparable
to using shadow passwords rather than simple crypts in /etc/passwd.
Longer term, I would like Courier to be able to proxy SASL authentication by
using a SASL LDAP bind. As far as I can see, that should allow digest
authentication without revealing the cleartext secret to the mail server.
Regards,
Brian.
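As an added illustration of the access-control point made above (not from the thread or from Courier's documentation), here is what the two situations look like as OpenLDAP slapd.conf ACLs; the server type, the base DN dc=example,dc=com and the service DN cn=courier,ou=services,dc=example,dc=com are assumptions.

```conf
# Assumed OpenLDAP slapd.conf syntax; DNs are placeholders.

# Weak: the account the POP3/SMTP machines bind with can read
# userPassword. Anyone holding that bind DN and password (e.g. from a
# readable Courier or Exim config file) can pull every hash with one
# search and crack them offline, leaving nothing in the LDAP logs.
access to attrs=userPassword
    by dn.exact="cn=courier,ou=services,dc=example,dc=com" read
    by self write
    by * none

# Hardened: no read access to the field for anyone but the entry itself.
# The "auth" privilege still lets slapd verify a simple bind, so the mail
# server authenticates by binding as the user instead of fetching the
# secret; every password guess then costs one bind and appears in the
# server log, which is what turns an offline attack into an active one.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else the mail server needs (mailbox location, uid, etc.)
# stays readable by the service account. Order matters: this clause must
# come after the userPassword clause, since the first matching
# "access to" wins for a given attribute.
access to *
    by dn.exact="cn=courier,ou=services,dc=example,dc=com" read
    by users read
    by * none
```

The quick check is to bind with the service DN and search for userPassword: with the hardened ACL the entries come back without that attribute, while a bind as a real user with a correct password still succeeds.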