What should the password/security/userinfo/login system include?

Michael Meissner meissner at dg-rtp.dg.com
Wed Dec 13 00:57:02 AEST 1989


In article <4217 at sbcs.sunysb.edu> brnstnd at stealth.acf.nyu.edu (Dan Bernstein) writes:

|  In article <1236 at ispi.UUCP> jbayer at ispi.UUCP (Jonathan Bayer) writes:
|  > les at chinet.chi.il.us (Leslie Mikesell) writes:
|  > >I want logging of *all* keystrokes during a failing attempt at logging
|  > >in (more to allow me to help with the problem, but it would also
|  > >help detect intruders).
|  
|  My login program does this; it even records the times between keystrokes.
|  It runs in raw mode at the moment, though I'm considering switching back
|  to cbreak. (Why does this imply that login and getty/telnetd need to be
|  combined?)
|  
|  > This is not a good idea.  If someone unauthorized sees this log file
|  > they would have a fairly good idea of some of the passwords on the
|  > system.
|  
|  All password characters (except backspace and newline) are replaced by x.
|  The information loss does not outweigh the security gain.

This seems to come up time and time again.  The problem with logfiles
(including /dev/console) and passwords is that often times users type
passwords at the login prompt.  Thus if user 'foo' has a password
'bar456', and types the password at the wrong time, a message will be
sent to the logfile stating that unknown user 'bar456' tried to log
on.  The safest thing I've heard is to only write the username in
question if you are sure it's a valid username (or possibly a name a
cracker would try, such as guest).

--
Michael Meissner, Data General.
Until 12/15:	meissner at dg-rtp.DG.COM
After 12/15:	meissner at osf.org
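The two rules discussed in this thread, recording a failed attempt's keystrokes with the password field masked as `x`, and writing the rejected username to the log only when it is a real account or a name crackers habitually try, can be combined in one logging routine. The following is an added example, not code from either poster or from any real login(1); the account list, the "commonly probed" list and the keystroke trace are all constructed for illustration. It goes one step beyond the text: when the typed name is neither known nor commonly probed (so it may itself be a password typed at the wrong prompt), the login-field keystrokes are masked too, since otherwise the keystroke trace would leak what the username line was meant to hide.

```python
"""Safe logging of a failed login attempt (added example, not from the thread).

Rules applied:
  * password-field keystrokes are logged as 'x', keeping only backspace and newline;
  * the rejected username is logged verbatim only if it is a real account or a
    name intruders commonly probe; anything else may be a password typed at the
    login prompt, so the name AND its keystrokes are redacted.
"""

BACKSPACE = {"\b", "\x7f"}  # ^H and DEL
NEWLINE = "\n"

# Constructed data for the example (hypothetical accounts and decoy names).
KNOWN_USERS = {"root", "foo", "les"}
COMMONLY_PROBED = {"guest", "demo", "test", "uucp"}


def apply_editing(keystrokes):
    """Rebuild the line a tty line editor would deliver from raw keystrokes."""
    buf = []
    for ch in keystrokes:
        if ch in BACKSPACE:
            if buf:
                buf.pop()
        elif ch == NEWLINE:
            break
        else:
            buf.append(ch)
    return "".join(buf)


def mask_keystrokes(keystrokes):
    """Replace every keystroke except backspace and newline with 'x'."""
    return "".join(ch if ch in BACKSPACE or ch == NEWLINE else "x" for ch in keystrokes)


def loggable_username(name, known_users=KNOWN_USERS, probed=COMMONLY_PROBED):
    """Return the name if it is safe to write to the log, else a redaction marker."""
    if name in known_users or name in probed:
        return name
    return "<redacted>"


def render(keystrokes):
    """Printable form of raw keystrokes for a text log (control chars escaped)."""
    table = {"\b": "^H", "\x7f": "^?", "\n": "\\n"}
    return "".join(table.get(ch, ch) for ch in keystrokes)


def log_failed_attempt(events, known_users=KNOWN_USERS, probed=COMMONLY_PROBED):
    """events: list of (time_seconds, field, char); field is 'login' or 'password'.

    Returns the log lines for one failing attempt: a summary line, then the
    keystroke trace with inter-keystroke delays, masked as described above.
    """
    login_keys = [c for _, f, c in events if f == "login"]
    typed_name = apply_editing(login_keys)
    shown_name = loggable_username(typed_name, known_users, probed)
    # If the name cannot be logged, its keystrokes cannot be logged either.
    mask_login_field = shown_name == "<redacted>"

    lines = [f"LOGIN FAILURE: user {shown_name}"]
    prev = None
    for t, field, ch in events:
        if field == "password" or (field == "login" and mask_login_field):
            ch = mask_keystrokes(ch)
        delta = 0.0 if prev is None else t - prev
        lines.append(f"  +{delta:.2f}s {field}: {render(ch)}")
        prev = t
    return lines


# Constructed trace: a password ('bar456') typed at the login prompt, then a
# real password attempt. Neither string may reach the log.
SAMPLE_EVENTS = [
    (0.00, "login", "b"), (0.21, "login", "a"), (0.40, "login", "r"),
    (0.55, "login", "4"), (0.70, "login", "5"), (0.85, "login", "6"),
    (1.00, "login", "\n"),
    (2.10, "password", "s"), (2.30, "password", "e"), (2.45, "password", "c"),
    (2.60, "password", "\n"),
]

if __name__ == "__main__":
    for line in log_failed_attempt(SAMPLE_EVENTS):
        print(line)
```

With the constructed trace the summary line reads `LOGIN FAILURE: user <redacted>` and every keystroke is logged as `x`, so neither `bar456` nor the password attempt appears in the log, while the timing information the second poster wanted is preserved. A trace that types `guest` instead is logged by name, with its login keystrokes intact.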



More information about the Comp.unix.wizards mailing list