What should the password/security/userinfo/login system include?

Leslie Mikesell les at chinet.chi.il.us
Fri Dec 8 04:22:00 AEST 1989


In article <4180 at sbcs.sunysb.edu> brnstnd at stealth.acf.nyu.edu (Dan Bernstein) writes:

>Does /etc/utmp makes sense? Should passwords and usernames be longer?
>Should all login sessions be automatically recoverable? What about
>Steve Bellovin's session manager? Should passwords be in their own
>protected directory, one file per user? What features should the login
>program have? Should root have a secure /root directory, with all
>interesting files safely tucked away? How should yellow pages work?

I want logging of *all* keystrokes during a failing attempt at logging
in (more to allow me to help with the problem, but it would also
help detect intruders).  This means (a) getty has to run in raw mode
(I want to see NULLs/XOFFs/backspaces/#'/@'s, et al.), and (b) getty
and login have to be a single program, since getty collects the first
keystrokes and doesn't know if the login is going to fail.

>I don't know the right phrase to describe what I'm aiming at; ``user
>control'' is the best I've come up with. Anyway, we're all so used to a
>particular set of user control files and user control programs that we
>rarely consider entirely different, perhaps better, systems.

How about tagging files with an indication of where they came from
with a little kernel support beyond the current uid/gid.  I'd like
to know if any particular file came straight off the commercial
distribution media, some other xfer media, or was it locally created,
and has it been locally modified since installation.  As a side
effect, you could find all of your local modifications since a system
was installed and use this to reconstruct after installing a new OS.

Les Mikesell
  les at chinet.chi.il.us
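The file-tagging idea above (origin of each file, plus whether it was locally modified since installation) can be approximated in userland without kernel support by recording an origin tag and a content hash at install time and comparing against it later. The following is an added illustration, not code from the post; the sample file trees are constructed in memory and the tag names are assumptions.

```python
import hashlib

# Origin tags the post wants the kernel to carry; here they live in a manifest
# (added example: names are assumptions, not a real Unix facility).
DISTRIBUTION = "distribution-media"
LOCAL = "locally-created"

# Constructed sample trees: path -> file contents, as installed from media
# and then after some local changes (a new account and a local tool).
INSTALLED = {
    "/etc/passwd": b"root:x:0:0::/:/bin/sh\n",
    "/bin/login": b"\x7fELF-login-v1",
}
CURRENT = {
    "/etc/passwd": b"root:x:0:0::/:/bin/sh\nles:x:100:100::/u/les:/bin/sh\n",
    "/bin/login": b"\x7fELF-login-v1",
    "/usr/local/bin/tool": b"#!/bin/sh\necho local\n",
}

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: dict, origin: str) -> dict:
    """Record origin tag and content hash for every file at install time."""
    return {p: {"origin": origin, "sha256": _digest(d)} for p, d in files.items()}

def classify(manifest: dict, current: dict) -> dict:
    """Compare the present tree with the install-time manifest.

    Each path maps to 'unmodified', 'locally-modified', 'locally-created'
    or 'removed'; origin of unmodified files is whatever the manifest says.
    """
    result = {}
    for path, entry in manifest.items():
        if path not in current:
            result[path] = "removed"
        elif _digest(current[path]) == entry["sha256"]:
            result[path] = "unmodified"
        else:
            result[path] = "locally-modified"
    for path in current:
        if path not in manifest:
            result[path] = LOCAL
    return result

def local_changes(manifest: dict, current: dict) -> dict:
    """Just the set a rebuild after a fresh OS install would have to re-apply."""
    return {p: s for p, s in classify(manifest, current).items() if s != "unmodified"}
```

The manifest only proves anything if it is kept where a local compromise cannot rewrite it (read-only or offline media), since an intruder who can alter a file can usually alter a manifest stored beside it.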



More information about the Comp.unix.wizards mailing list