Path: utzoo!attcan!uunet!husc6!mailrus!cornell!uw-beaver!tikal!sigma!sea375!dave
From: dave@sea375.UUCP (David A. Wilson)
Newsgroups: comp.unix.wizards
Subject: Password security - Another idea
Message-ID: <228@sea375.UUCP>
Date: 24 Dec 88 21:06:07 GMT
Organization: At Home in Seattle, WA
Lines: 27

With all the concern for control of access to passwords, even when encrypted, why not make passwords more integral to the kernel?

The kernel could maintain passwords encrypted somewhere on the disk, but not directly accessible thru filesystem access. Special system calls would exist to store/retrieve encrypted passwords. The system calls could be restricted to root, and use would be recorded in an audit log (handled like process accounting logs) to detect password breakin attempts.

The only security hole to fill would then be the prevention of obtaining passwords by direct access to the system disk. Perhaps the kernel could also audit any access to the disk blocks containing the passwords using the disk drivers directly (system backups must be able to back up these blocks, although the audit log would record this).

Single-user mode should support an optional password (separate from root) to control single-user access to the system.

These changes should incur very little system overhead: some kernel code, some changes to disk drivers and few changes to existing admin programs. I think this would be more secure than the current password file or the shadow password file.

Any comments? Think about it,
--
David A. Wilson
uw-beaver!tikal!slab!sea375!dave
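The design sketched in the post, modelled as a user-space simulation (an added example, not the author's code or any real kernel interface): a kernel-private store reachable only through root-restricted store/retrieve calls, every call audited in the style of process accounting, and raw disk reads of the password blocks permitted for backups but recorded. The block numbers, the SHA-256 stand-in for crypt(3), and the audit record layout are assumptions made for the illustration.

```python
import hashlib

# Constructed: disk blocks assumed to hold the kernel's password store.
PASSWORD_BLOCKS = range(900, 904)


class KernelPasswordStore:
    """Model of the proposed kernel-held password store (illustrative, not a real API)."""

    def __init__(self):
        self._hashes = {}   # not reachable through any filesystem call in this model
        self.audit = []     # analogue of the process-accounting log: (uid, op, target, result)

    def _audit(self, uid, op, target, ok):
        self.audit.append((uid, op, target, "ok" if ok else "denied"))

    def sys_setpw(self, uid, user, enc):
        """Root-only 'store encrypted password' call; every use, allowed or not, is audited."""
        ok = uid == 0
        self._audit(uid, "setpw", user, ok)
        if not ok:
            raise PermissionError("setpw restricted to root")
        self._hashes[user] = enc

    def sys_getpw(self, uid, user):
        """Root-only 'retrieve encrypted password' call, audited the same way."""
        ok = uid == 0
        self._audit(uid, "getpw", user, ok)
        if not ok:
            raise PermissionError("getpw restricted to root")
        return self._hashes.get(user)

    def raw_disk_read(self, uid, block):
        """Disk-driver path: backups may read the password blocks, but the read is logged."""
        if block in PASSWORD_BLOCKS:
            self._audit(uid, "rawread", "block %d" % block, True)
        return b"\0" * 512  # constructed block contents


def encrypt(password, salt):
    """Stand-in for the 1988 crypt(3) one-way function (assumption: SHA-256 over salt+password)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def denied_attempts(store):
    """Detection view: audit records where a non-root caller hit the password calls."""
    return [rec for rec in store.audit if rec[3] == "denied"]
```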