What should the password/security/userinfo/login system include?

P E Smee exspes at gdr.bath.ac.uk
Mon Dec 18 23:07:26 AEST 1989


In article <1989Dec7.172233.10130 at chinet.ch> les at chinet.chi.il.us (Leslie Mikesell) writes:
>I want logging of *all* keystrokes during a failing attempt at logging
>in (more to allow me to help with the problem, but it would also
>help detect intruders).

DO MAKE SURE not to make your logfile publicly readable, or you'll have
created an even bigger security hole.  Even if you only collect the
response to the login: prompt, one of the favourite user errors is to
get out of sync with login, and to type their password when the system
is expecting their login name.  In that case, they usually get back
into sync, and so the response to the next login: prompt is usually the
username which belongs to that password.
-- 
Paul Smee, Univ of Bristol Comp Centre, Bristol BS8 1TW, Tel +44 272 303132
 Smee at bristol.ac.uk  :-)  (..!uunet!ukc!gdr.bath.ac.uk!exspes if you MUST)
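
An added example, not part of the original post: a Python sketch of a failed-login log that is created owner-only (mode 0600) and checked for group/other access. It goes one step beyond the post by recording a typed login name only when it matches a real account, so a password typed at the login: prompt never reaches the file. The function names, log line format, account list and sample attempts are all assumptions constructed for illustration.

```python
import os
import stat
import tempfile

PLACEHOLDER = "<unknown>"  # written instead of any name that is not a real account


def log_is_private(path):
    """True only if neither group nor others have any access to the log."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def open_private_log(path):
    """Open the log for append, forcing mode 0600 whatever the umask is."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file that already existed
    return os.fdopen(fd, "a")


def loggable_name(typed, known_accounts):
    """Keep the typed name only when it is a known account name.
    Anything else may be a password typed at the wrong prompt."""
    return typed if typed in known_accounts else PLACEHOLDER


def record_failure(log, tty, typed, known_accounts):
    """Append one failed-attempt record (hypothetical line format)."""
    name = loggable_name(typed, known_accounts)
    log.write(f"FAILED LOGIN tty={tty} name={name}\n")


def demo():
    """Log two constructed failed attempts and report what was stored."""
    known = {"root", "les", "smee"}  # constructed account list
    # Constructed attempts: a password typed at login:, then a real name.
    attempts = [("ttyp3", "Constructed-Pw-1"), ("ttyp3", "les")]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "faillog")
        with open_private_log(path) as log:
            for tty, typed in attempts:
                record_failure(log, tty, typed, known)
        with open(path) as f:
            return log_is_private(path), f.read().splitlines()


if __name__ == "__main__":
    print(demo())
```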


