reusing passwords
MFHorn
arosen at eagle.ulowell.edu
Sun Feb 21 13:00:06 AEST 1988
In article <1996 at saturn.ucsc.edu> wolf at ssyx.ucsc.edu (Michael Wolf) writes:
>>In article <2500 at codas.att.com> mikel at codas.att.com (Mikel Manitius) writes:
>>>We soon learned that often over-anxious users type their password at
>>>the login prompt, resulting it it's showing up on the console.
>>
>>It's enough to be unable to log in a number of
>>times, and this helpful operating system will make a console record of
>>the username *and* the password that were typed.
>
>You must have a very strange version of VMS. Harvey Mudd College has
>several VMS systems, and a casual look at the login records on the
>console shows no sign of the user's passwords being printed out.
This is all configurable by your system manager. S/he can set it up so
if you get n invalid login attempts (ie. if the system detects a possible
breakin attempt), it starts reporting them to the log file and/or operator
terminals (like the console, usually), password and all. I think n is also
configurable. This can be turned on for the different types of logins,
interactive, network, batch, etc. (7 in all), or turned off completely.
I still think printing the password under ANY circumstance is wrong. If you
think someone is trying to crack a password, change it.
Andy Rosen | arosen at hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031 | ulowell!arosen | learned how to make it
Lowell, Ma 01854 | | talk" -Thunder Road
RD in '88 - The way it should be
Andy Rosen | arosen at hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031 | ulowell!arosen | learned how to make it
Lowell, Ma 01854 | | talk" -Thunder Road
RD in '88 - The way it should be
More information about the Comp.unix.wizards
mailing list