Trusted Solaris Administrator's Procedures

Protecting Passwords

In local files, passwords are protected from viewing by DAC and from modification by both DAC and MAC. Passwords for local accounts are maintained in the shadow(4) file, which is readable only by root. The Security Administrator role should ensure that the /etc/shadow file is protected by MAC at the ADMIN_LOW label, and by DAC with owner root, group sys, and mode 400.


trusted4% ls -l /etc/shadow; getlabel /etc/shadow
-r--------   1 root     sys          307 Sep 7  2001 /etc/shadow
/etc/shadow:    [ADMIN_LOW]
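
The check above can be scripted so that a deviation is reported instead of read by eye. The following is an added example, not part of the original guide; the function names check_shadow_lines and audit_shadow are hypothetical, and the sample input is the two output lines from the session above.

```shell
#!/bin/sh
# Added example (not from the original guide): check the two lines printed by
#   ls -l /etc/shadow; getlabel /etc/shadow
# against the required settings: owner root, group sys, mode 400, ADMIN_LOW.

# check_shadow_lines LS_LINE LABEL_LINE   (hypothetical helper name)
# Prints one line per deviation and returns the number of deviations.
check_shadow_lines() {
    ls_line=$1
    label_line=$2
    bad=0

    # Split the ls -l line into fields: mode, links, owner, group, ...
    set -f                      # no filename expansion while splitting
    set -- $ls_line
    set +f
    mode=$(printf '%s' "$1" | cut -c1-10)
    extra=$(printf '%s' "$1" | cut -c11-)   # Solaris ls appends '+' for an ACL
    owner=$3
    group=$4

    # The label is the text between the brackets in getlabel output.
    label=$(printf '%s\n' "$label_line" | sed -n 's/.*\[\(.*\)\].*/\1/p')

    [ "$mode" = "-r--------" ] || { echo "mode: $mode (want -r--------, 400)"; bad=$((bad + 1)); }
    [ -z "$extra" ] || { echo "mode: extra marker '$extra', review ACL entries"; bad=$((bad + 1)); }
    [ "$owner" = "root" ] || { echo "owner: $owner (want root)"; bad=$((bad + 1)); }
    [ "$group" = "sys" ] || { echo "group: $group (want sys)"; bad=$((bad + 1)); }
    [ "$label" = "ADMIN_LOW" ] || { echo "label: ${label:-unreadable} (want ADMIN_LOW)"; bad=$((bad + 1)); }
    return "$bad"
}

# audit_shadow [PATH]: run the real commands; getlabel is the command shown above.
audit_shadow() {
    f=${1:-/etc/shadow}
    check_shadow_lines "$(ls -l "$f")" "$(getlabel "$f")"
}

# The two output lines from the session above, used as sample input.
PAGE_LS='-r--------   1 root     sys          307 Sep 7  2001 /etc/shadow'
PAGE_LABEL='/etc/shadow:    [ADMIN_LOW]'
check_shadow_lines "$PAGE_LS" "$PAGE_LABEL" && echo "/etc/shadow listing is compliant"
```

On a live system, call audit_shadow from a role that is permitted to run getlabel on the file; a nonzero exit status is the number of settings that differ.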

The password field in the NIS+ passwd.org_dir table is protected by NIS+ restrictions on access to fields within tables. When any user or administrator views the passwd.org_dir table, the only encrypted password displayed is the one belonging to the account that is viewing the table.

The following example shows that user ashish's password field displays as *NP* when the user roseanne invokes the niscat(1) command, while barbar can see the encrypted password for her own account.


trusted5% whoami
roseanne
trusted6% niscat passwd.org_dir
. . .
ashish:*NP*:33333:10:Ash Ish:/home/ashish:/bin/csh:*NP*
barbar:0dk1EW44:10:Bar Bara:/home/barbara:/bin/csh:38442::::::

There is no shadow.org_dir table.

With NIS, configure the shadow database as a secure map. Secure maps are readable only from a privileged port, so only a privileged program can access the encrypted password. Sites that need more security than NIS provides should use NIS+.