What should the password/security/userinfo/login system include?

Richard Meesters ram at attcan.UUCP
Wed Dec 13 07:23:32 AEST 1989


In article <398 at bilver.UUCP>, bill at bilver.UUCP (Bill Vermillion) writes:
> In article <1989Dec9.053433.5407 at chinet.chi.il.us> les at chinet.chi.il.us (Leslie Mikesell) writes:
> >In article <1236 at ispi.UUCP> jbayer at ispi.UUCP (Jonathan Bayer) writes:
> >
> >>>I want logging of *all* keystrokes during a failing attempt at logging
> >>>in.
> >
> >>This is not a good idea.  If someone unauthorized sees this log file
> >>they would have a fairly good idea of some of the passwords on the
> >>system.
> >
> >If they are written to a file that can only be read by root, why
> >should I worry about that?  If someone can already get root permissions
> >why would they want to know any other passwords?
>
Simply put, if you have root permission, you are in as root, and are traceable
as such.  You don't have access to the machine from a remote terminal unless
you already have a user's login.  If you wanted to be an unobtrusive hack you
could simply figure out from the log file what the user's password was, then
keep using it for as long as the user keeps (or is allowed to keep) that 
password.  No one would be the wiser.

Personally I like the fact that even the superuser doesn't -know- my password.
True, he can change it to no password, or even any password he wants, but
unless he can decrypt the file, he couldn't possibly use *my* password.  It
adds a feeling of security on the user's side.

> >...  In that vein, I'd personally like to strangle the person who
> >invented automatic password aging.
> 

Password aging is optional (at least on System V) and, while I don't like it
any better than you, if the system administrator deems it necessary to keep
proper security on his machines, then I have no choice but to go along with
it.  Let's face it, it is more secure than everyone using the same password
over and over on a number of systems ad infinitum.

Regards,
Richard Meesters




