What should the password/security/userinfo/login system include?
Randal Schwartz
merlyn at iwarp.intel.com
Wed Dec 13 05:02:43 AEST 1989
In article <1989Dec7.172233.10130 at chinet.chi.il.us>, les at chinet (Leslie Mikesell) writes:
| I want logging of *all* keystrokes during a failing attempt at logging
| in (more to allow me to help with the problem, but it would also
| help detect intruders). This means (a) getty has to run in raw mode
| (I want to see NULLs/XOFFs/backspaces/#'/@'s, et.al.), and (b) getty
| and login have to be a single program, since getty collects the first
| keystokes and doesn't know if the login is going to fail.
No, no, no! A log of failed logins and/or passwords and/or keystrokes
is a BIG security hole.
Send me mail if you weren't in on this discussion last time, and don't
see why it is a BIG security hole, and want to know why.
Just another legendary-wizard's-namesake,
--
/== Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ====\
| on contract to Intel's iWarp project, Hillsboro, Oregon, USA, Sol III |
| merlyn at iwarp.intel.com ...!uunet!iwarp.intel.com!merlyn |
\== Cute Quote: "Welcome to Oregon... Home of the California Raisins!" ==/
More information about the Comp.unix.wizards
mailing list