Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!aplcen!uunet!pyrdc!jetson!decuac!hussar.dco.dec.com!mjr
From: mjr@hussar.dco.dec.com (Marcus J. Ranum)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <1990Sep28.153738.6082@decuac.dec.com>
Date: 28 Sep 90 15:37:38 GMT
References: <50845@brunix.UUCP> <4086@auspex.auspex.com> <3346:Sep2422:01:3090@kramden.acf.nyu. <936@mwtech.UUCP>
Sender: news@decuac.dec.com (Network News)
Reply-To: mjr@hussar.dco.dec.com.UUCP (Marcus J. Ranum)
Organization: Digital Equipment Corp., Ultrix Resource Center
Lines: 17

In article bzs@world.std.com (Barry Shein) writes:
>One simple and non-intrusive defense against most such attacks would
>be if, on successful login, the system would just tell you how many
>unsuccessful login attempts there have been on your account.

This can be done with the trivial addition of a single field to the lastlog file. I did this once, as a lunchtime hack, with a check to see if the counter got over a certain value, at which point the login was disabled until root reset the user's entry. Needless to say, the root login's counter wasn't checked (root uses a secure tty, anyhow).

It requires some trivial mods to login, and (unfortunately) breaks compatibility between utmp and lastlog (unless you want useless fields in your utmp).

mjr.
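The lastlog change Ranum describes, as an added example that is not his code or Ultrix's: a lastlog-style record with one extra failed-attempt field, a lockout once the counter passes an assumed threshold, a root exemption, and a root-only reset. The struct layout, field names and threshold are assumptions for illustration.

```c
/* Added example (not from the post): a lastlog-style record with the
 * extra failed-login counter Ranum describes.  The struct layout, field
 * names and threshold are assumptions for illustration, not Ultrix's. */
#include <string.h>
#include <time.h>
#include <sys/types.h>

#define MAX_FAILURES 5 /* assumed threshold; more than this locks the account */

struct lastlog_ext {
    time_t   ll_time;     /* time of last successful login */
    char     ll_line[8];  /* tty of last successful login */
    unsigned ll_failed;   /* failures since last success (the added field) */
    int      ll_locked;   /* set once ll_failed exceeds MAX_FAILURES */
};

/* login(1) calls this before prompting; root is never refused. */
int login_allowed(const struct lastlog_ext *ll, uid_t uid)
{
    return uid == 0 || !ll->ll_locked;
}

/* Called when the password check fails; returns nonzero if now locked.
 * Root's counter is incremented but never enforced, as in the post. */
int login_failed(struct lastlog_ext *ll, uid_t uid)
{
    ll->ll_failed++;
    if (uid != 0 && ll->ll_failed > MAX_FAILURES)
        ll->ll_locked = 1;
    return ll->ll_locked;
}

/* Called on success: records the session, clears the counter and
 * returns the number of failures to report to the user. */
unsigned login_succeeded(struct lastlog_ext *ll, const char *line, time_t now)
{
    unsigned failed = ll->ll_failed;
    ll->ll_time = now;
    strncpy(ll->ll_line, line, sizeof ll->ll_line - 1);
    ll->ll_line[sizeof ll->ll_line - 1] = '\0';
    ll->ll_failed = 0;
    return failed;
}

/* Administrative reset by root re-enables a locked entry. */
void login_reset(struct lastlog_ext *ll)
{
    ll->ll_failed = 0;
    ll->ll_locked = 0;
}
```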