[10142] in Athena Bugs
/source/athena/bin/login/login.c: do better logging
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Tue Dec 15 20:58:00 1992
Date: Tue, 15 Dec 92 20:57:50 -0500
From: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
To: mhpower@Athena.MIT.EDU
Cc: bugs@Athena.MIT.EDU
In-Reply-To: [10136]
I disagree. If the problem is that /usr/adm/messages is
world-readable, then either the permissions should be changed so that
it is no longer world-readable, or the syslog.conf file should be
changed so that it logs AUTH errors to somewhere that is not
world-readable.
When trying to detect breakins, it is imperative to gather as much
information as possible. If failed login attempts are not logged as I
suggested, it is easy for crackers to try several logins and then hit
^D to abort, with nothing being logged (and without the 10-second
delay).
Finally, note that the usernames of failed logins are not logged
unless the user completely fails to log in. In other words, if the
user accidentally types his password as his username, and then
realizes his mistake and correctly enters his username/password pair
the second time he is prompted, nothing is logged.
I think it unlikely that someone with a valid password will fail to
log in successfully five times in a row, if they're trying to log in.
However, as I said, if this is a problem, then the logs of failed
attempts should be put someplace that isn't world-readable (and not
transmitted to "*" via zephyr).
jik