[10141] in Athena Bugs

home help back first fref pref prev next nref lref last post

Re: /source/athena/bin/login/login.c: do better logging

daemon@ATHENA.MIT.EDU (mhpower@Athena.MIT.EDU)
Tue Dec 15 19:08:40 1992

From: mhpower@Athena.MIT.EDU
To: jik@Athena.MIT.EDU
Cc: bugs@Athena.MIT.EDU
In-Reply-To: [10136] in Athena Bugs
Date: Tue, 15 Dec 92 19:08:31 EST

>1) When there are login failures, usernames attempted are logged,
>rather than just the last one.

>2) Login failures are logged whenever a connection fails to result in
>a login, not just when more than 5 failures are detected.

I have two concerns about this. First, suppose an ordinary user is
confused and accidentally types their password at the "login: " prompt
on a dialup server. Their password will be recorded in the publicly
readable /usr/adm/messages file. (OK, it's a bit worse if they happen
to type, successively, login: username, Password:incorrect password,
login: correct password).

Suppose an administrator types the root password on a server console
at the "login: " prompt, again as an isolated mistake. Even if they
are able to log in and fix the local log files immediately, the root
password will be sent over the net in plain text to syslogger.mit.edu.

I agree that better tracking of breakin attempts is needed. However,
because of the way the login program has worked in the past, many
users have the expectation that single, isolated screwups of the login
dialogue won't result in these dire password-exposure consequences. I
think your patch needs to be rethought somewhat.

Matt

home help back first fref pref prev next nref lref last post