Path: utzoo!attcan!uunet!swlabs!jack
From: jack@swlabs.UUCP (Jack Bonn)
Newsgroups: news.sysadmin
Subject: Re: Security checkup
Message-ID: <2823@swlabs.UUCP>
Date: 8 Oct 88 01:07:30 GMT
References: <167@carpet.WLK.COM> <5014@medusa.cs.purdue.edu> <2968@mipos3.intel.com> <2975@mipos3.intel.com>
Reply-To: jack@swlabs.UUCP (Jack Bonn)
Distribution: na
Organization: Software Labs, Ltd. Easton, CT USA
Lines: 19

In article <2975@mipos3.intel.com> merlyn@intelob.intel.com (Randal L. Schwartz @ Stonehenge) writes:
>4.3bsd for example logs just the username to the console.  This would
>seem secure, but in all the times you have logged in, have you
>never-ever-ever because of network delays, or not paying attention,
>accidentally entered your password when it said "username"?  THAT'S
>THE PROBLEM.  Those that have looked into this have noticed that the
>"bad login" log almost always contains a valid password *in the clear*
>during any typical work day.

Maybe this is a little too simple minded, but why not just log failed 
attempts to valid usernames?  This could even be kept online with universal
read permission, since there would be nothing to hide here.  Then, with 
proper tools, a list of those usernames which have failures above a certain
threshold (maybe "1") could be identified as potential targets and could 
be periodically mailed to the administrator.  Mail seems to be tougher to 
ignore than a console log.
-- 
Jack Bonn, <> Software Labs, Ltd, Box 451, Easton CT  06612
uunet!swlabs!jack (UUCP)	jack%swlabs.uucp@uunet.uu.net (INTERNET)