Password security - Another idea

David A. Wilson dave at sea375.UUCP
Sun Dec 25 07:06:07 AEST 1988


With all the concern for control of access to passwords, even when encrypted,
why not make passwords more integral to the kernel? The kernel could maintain
passwords encrypted somewhere on the disk, but not directly accessible thru
filesystem access. Special system calls would exist to store/retrieve encrypted
passwords. The system calls could be restricted to root, and use would be
recorded in an audit log (handle like process accounting logs) to detect
password break-in attempts.

The only security hole to fill would then be the prevention of obtaining
passwords by direct access to the system disk. Perhaps the kernel could
also audit any access to the disk blocks containing the passwords using
the disk drivers directly (system backups must be able to back up these blocks
although the audit log would record this).

Single-user mode should support an optional password (separate from root)
to control single-user access to the system.

These changes should incur very little system overhead, some kernel code,
some changes to disk drivers and few changes to existing admin programs.

I think this would be more secure than the current password file or the shadow
password file. Any comments?

Think about it,
-- 
	David A. Wilson
	uw-beaver!tikal!slab!sea375!dave  



More information about the Comp.unix.wizards mailing list