[10141] in Athena Bugs
Re: /source/athena/bin/login/login.c: do better logging
daemon@ATHENA.MIT.EDU (mhpower@Athena.MIT.EDU)
Tue Dec 15 19:08:40 1992
From: mhpower@Athena.MIT.EDU
To: jik@Athena.MIT.EDU
Cc: bugs@Athena.MIT.EDU
In-Reply-To: [10136] in Athena Bugs
Date: Tue, 15 Dec 92 19:08:31 EST
>1) When there are login failures, usernames attempted are logged,
>rather than just the last one.
>2) Login failures are logged whenever a connection fails to result in
>a login, not just when more than 5 failures are detected.
I have two concerns about this. First, suppose an ordinary user is
confused and accidentally types their password at the "login: " prompt
on a dialup server. Their password will be recorded in the publicly
readable /usr/adm/messages file. (OK, it's a bit worse if they happen
to type, successively, login: username, Password:incorrect password,
login: correct password).
Suppose an administrator types the root password on a server console
at the "login: " prompt, again as an isolated mistake. Even if they
are able to log in and fix the local log files immediately, the root
password will be sent over the net in plain text to syslogger.mit.edu.
I agree that better tracking of breakin attempts is needed. However,
because of the way the login program has worked in the past, many
users have the expectation that single, isolated screwups of the login
dialogue won't result in these dire password-exposure consequences. I
think your patch needs to be rethought somewhat.
Matt