Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!att!chinet!les
From: les@chinet.chi.il.us (Leslie Mikesell)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <1989Dec7.172233.10130@chinet.chi.il.us>
Date: 7 Dec 89 17:22:33 GMT
References: <4180@sbcs.sunysb.edu>
Reply-To: les@chinet.chi.il.us (Leslie Mikesell)
Distribution: usa
Organization: Chinet - Chicago Public Access UNIX
Lines: 31

In article <4180@sbcs.sunysb.edu> brnstnd@stealth.acf.nyu.edu (Dan Bernstein) writes:
>Does /etc/utmp make sense? Should passwords and usernames be longer?
>Should all login sessions be automatically recoverable? What about
>Steve Bellovin's session manager? Should passwords be in their own
>protected directory, one file per user? What features should the login
>program have? Should root have a secure /root directory, with all
>interesting files safely tucked away? How should yellow pages work?

I want logging of *all* keystrokes during a failing attempt at logging
in (more to allow me to help with the problem, but it would also help
detect intruders). This means (a) getty has to run in raw mode (I want
to see NULLs/XOFFs/backspaces/#'/@'s, et al.), and (b) getty and login
have to be a single program, since getty collects the first keystrokes
and doesn't know if the login is going to fail.

>I don't know the right phrase to describe what I'm aiming at; ``user
>control'' is the best I've come up with. Anyway, we're all so used to a
>particular set of user control files and user control programs that we
>rarely consider entirely different, perhaps better, systems.

How about tagging files with an indication of where they came from
with a little kernel support beyond the current uid/gid? I'd like to
know if any particular file came straight off the commercial distribution
media, some other xfer media, or was it locally created, and has it
been locally modified since installation.
As a side effect, you could find all of your local modifications since
a system was installed and use this to reconstruct after installing
a new OS.

Les Mikesell
les@chinet.chi.il.us