Robert Connolly cendres at videotron.ca
Wed Feb 18 10:39:39 PST 2004

On February 18, 2004 12:49 pm, Anderson Lizardo wrote:
> On Wed, 18 Feb 2004 07:32:14 -0500, Archaic wrote:
> > {malicious,lazy,ignorant} then he'll likely be rooted anyway. Also, I
> > never mentioned writing the password, just replace UNKNOWN with the name
> > typed. And any good admin will religiously check logs and keep them
> > private.
> That's the problem: if the user typed the password by accident instead
> of the login name, the password is stored plain text on the log. Even
> with strong encryption, secure VPN channel, unreadable log files,
> whatever, the admin will need to _read_ the logfile sometime, and to
> avoid anyone else reading the possible stored plaintext passwords, he
> should lock himself in a room, clear any video buffer that may have stored
> the screen, assure that the printer spooler didn't store the printed
> logfile and so on.
> IMHO, passwords should never be _visible_ to the external world as plain
> text (including failed login names which potentially could be
> passwords).

In sshd_config set PasswordAuthentication no. Don't give your users passwords, 
give them keys instead, they're much harder to guess. Set AllowUsers too.
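
An added example, not part of the original message: a small audit of the settings named above, run over sshd_config text. It assumes the documented sshd_config rules (keywords are case-insensitive, the first value obtained for a keyword wins, Match blocks override globals); the sample config, function names, and the keyboard-interactive check are assumptions of this example, and Include files are not followed.

```python
import re

PW = "passwordauthentication"
# Keyboard-interactive (often PAM) can still prompt for a password.
KBD = ("kbdinteractiveauthentication", "challengeresponseauthentication")

# Constructed sample config, not taken from the thread.
SAMPLE = """\
# global section
PasswordAuthentication no
PasswordAuthentication yes
AllowUsers alice bob
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""

def parse(text):
    """Return (global_opts, [(match_criteria, opts)]); first value per keyword wins."""
    glob, matches, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([^\s=]+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            cur = (val, {})
            matches.append(cur)
        else:
            (glob if cur is None else cur[1]).setdefault(key, val)
    return glob, matches

def audit(text):
    """List findings that undermine 'keys only, named users only'."""
    glob, matches = parse(text)
    out = []
    if glob.get(PW, "yes").lower() != "no":   # sshd's default is yes
        out.append("PasswordAuthentication is not 'no' globally")
    if not any(glob.get(k, "").lower() == "no" for k in KBD):
        out.append("keyboard-interactive not explicitly disabled")
    if "allowusers" not in glob:
        out.append("no global AllowUsers list")
    for crit, opts in matches:
        if opts.get(PW, "").lower() == "yes":
            out.append(f"Match {crit} re-enables PasswordAuthentication")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "ok")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source for the same values.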

