Login functionality

Dagmar d'Surreal dagmar.wants at nospam.com
Wed Feb 18 10:17:30 PST 2004


On Wed, 2004-02-18 at 05:49, Ian Molton wrote:
> On Wed, 18 Feb 2004 03:53:12 -0600
> Dagmar d'Surreal <dagmar.wants at nospam.com> wrote:
> 
> > 
> > In practice, unless you have several hundred users hitting a machine at
> > once, someone trying to guess a password manually is going to show up
> > pretty well.  Users don't actually mess up all _that_ often.  PAM can
> > also disable accounts after a certain number of failed attempts.
> 
> Is there any reason not to use public key crypto on logs? That way only root can decrypt them and the key needn't be stored locally. Then you could log pretty much whatever you pleased.

See the other email I sent on this thread in re: to reducing the
secretness of the password.  You can't use _reversible_ crypto to
protect the now-plaintext password.  There might be justification for
doing so to make the logs harder to access, but it is not useful for
giving one an excuse to go logging usernames at the console.

Furthermore, any situation where one needs so much security one is
worrying about password guessing at the console probably should also
require restricted and logged physical access to the console, which is a
simpler solution.  Several guesses show up in the logs and you just go
to the person who was signed in at the colo in your cage.
-- 
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org




More information about the hlfs-dev mailing list