Hashing of usernames in syslog
rra at stanford.edu
Sat Sep 28 23:38:31 UTC 2002
Erik Klavon <erik at eriq.org> writes:
> It's the usernames themselves I'm most concerned with. The usenet server
> in question will be performing proxy authentication with a central
> authentication system, based on Kerberos. The group which administers
> the authentication service is generally against proxy authentication
> since it violates the Kerberos security model. I'm sympathetic to that
> view, but feel that this service (off-campus access to usenet, mainly
> for posting to restricted groups in the ucb.* hierarchy) if made secure
> warrants an exception.
I'm with you up to here; we face the exact same issue, including the
Kerberos worries, here at Stanford, and we plan to allow clear-text
authentication over SSL with the server doing proxy authentication.
> The usernames are generally official student or employee id numbers,
> which adds to the concern. This isn't a major vulnerability, but
> something I was thinking about as part of the entire approach to
> securing the server.
This is the part that I don't understand.
First, I don't understand why the usernames would be logged at all. Are
you trying to track something that requires you to log the username? I
can't picture any need there that would still be satisfied easily by an
obfuscated version of the username in the local logs, so if you don't want
usernames logged, why do it? You can map all valid users to the same
identity in either readers.conf or in your authentication program.
Second, presumably the news logs are private; why is it an issue that
student IDs appear in them? Presumably you'd want to treat them the same
as, say, your SMTP logs, which similarly contain account names. Only make
data public in aggregate, if then, and ensure that only authorized users
have access to the logs.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers