What should the password/security/userinfo/login system include?
Jonathan Bayer
jbayer at ispi.UUCP
Sat Dec 9 04:21:31 AEST 1989
les at chinet.chi.il.us (Leslie Mikesell) writes:
>I want logging of *all* keystrokes during a failing attempt at logging
>in (more to allow me to help with the problem, but it would also
>help detect intruders). This means (a) getty has to run in raw mode
>(I want to see NULLs/XOFFs/backspaces/#'/@'s, et.al.), and (b) getty
>and login have to be a single program, since getty collects the first
>keystokes and doesn't know if the login is going to fail.
This is not a good idea. If someone unauthorized sees this log file
they would have a fairly good idea of some of the passwords on the
system. Remember, a lot of failed login attempts are due to typing
mistakes and (sometimes) bad phone connections. In these cases the user
id's may be correct, or possibly one character off, and the same goes
for the passwords.
JB
--
Jonathan Bayer Intelligent Software Products, Inc.
(201) 245-5922 500 Oakwood Ave.
jbayer at ispi.COM Roselle Park, NJ 07204
More information about the Comp.unix.wizards
mailing list