Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!lll-winken!decwrl!orc!mipos3!omepd!merlyn
From: merlyn@iwarp.intel.com (Randal Schwartz)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <5340@omepd.UUCP>
Date: 12 Dec 89 18:02:43 GMT
References: <4180@sbcs.sunysb.edu> <1989Dec7.172233.10130@chinet.chi.il.us>
Sender: news@omepd.UUCP
Reply-To: merlyn@iwarp.intel.com (Randal Schwartz)
Distribution: usa
Organization: Stonehenge; netaccess via Intel, Hillsboro, Oregon, USA
Lines: 20
In-reply-to: les@chinet.chi.il.us (Leslie Mikesell)

In article <1989Dec7.172233.10130@chinet.chi.il.us>, les@chinet (Leslie Mikesell) writes:
| I want logging of *all* keystrokes during a failing attempt at logging
| in (more to allow me to help with the problem, but it would also
| help detect intruders).  This means (a) getty has to run in raw mode
| (I want to see NULLs/XOFFs/backspaces/#'/@'s, et.al.), and (b) getty
| and login have to be a single program, since getty collects the first
| keystokes and doesn't know if the login is going to fail.

No, no, no!  A log of failed logins and/or passwords and/or keystrokes
is a BIG security hole.

Send me mail if you weren't in on this discussion last time, and don't
see why it is a BIG security hole, and want to know why.

Just another legendary-wizard's-namesake,
-- 
/== Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ====\
| on contract to Intel's iWarp project, Hillsboro, Oregon, USA, Sol III  |
| merlyn@iwarp.intel.com ...!uunet!iwarp.intel.com!merlyn	         |
\== Cute Quote: "Welcome to Oregon... Home of the California Raisins!" ==/