Login functionality

ken_i_m at elegantinnovations.net ken_i_m at elegantinnovations.net
Tue Feb 17 21:57:38 PST 2004


On Wed, Feb 18, 2004 at 12:44:17AM -0500, Christopher Chumbley (cjchumbley at hotmail.com) wrote:
> I agree that with a malicious admin all bets are are off.  On the other 
> hand, I have seen too many stupid and/or lazy admins and the ablility to 
> search through a log file for "admin/Godd" or to look for any other login 
> failures and see the username/password pairs really just isn't an 
> acceptable security risk. IMHO of course...
[wrapping added :-( ]

A non-admin user being able to read logs is a misconfiguration.  This is 
sysadmin 101 basic stuff.  If you have an admin this stupid/lazy you got 
alot more serious problems then users exploiting logs.
-- 
I think, therefore, ken_i_m
Chief Gadgeteer, Elegant Innovations
Founder, Bozeman Linux Users Group
(406) 581-0495



More information about the hlfs-dev mailing list