passwds and crypt(3)...

Tim Oldham tjo at its.bt.co.uk
Sat Jan 13 23:49:36 AEST 1990


In article <1990Jan4.111940.18769 at gdt.bath.ac.uk> exspes at gdr.bath.ac.uk (P E Smee) writes:
>
>I'd add in passing that I question the wisdom of putting 'last logged
>in at' into the startup greeting.  My experience is that (as above) it
>can be useful for crackers, and that it gains you next to nothing in
>security terms, as the vast majority of legitimate users don't pay any
>attention to it at all -- just part of the noise the machine spits at
>you when you log on, to be ignored.

Certainly that's the way I feel about most last-login messages. I rarely
look at mine. However, I would say that this doesn't mean that it's
useless, or that login messages per se are useless. At UKC, then the
login messages (at least used to --- I guess they still do) told you
*where* you last logged in from (all logins were via hardware PADs on the
Cambridge ring). This was a very useful feature. Several times people
changed their passwords because ``a friend of mine'' had accidentally used
them from somewhere strange. I guess the social scientists whose logins
had been hacked found it odd that the machine was telling them they'd last
logged in from the 68000 Laboratory when they didn't even know where it
was.

On the grounds that it's minimal overhead, I think login messages are A
Good Thing.

	Tim.
-- 
Tim Oldham, BT Applied Systems. tjo at its.bt.co.uk or ...!ukc!axion!its!tjo
Less is more, but not as much as more. 



More information about the Comp.unix.questions mailing list