Learning about remote users
Stefan Loesch
stefan at yendor.phx.mcd.mot.com
Tue Mar 21 04:48:16 AEST 1989
In article <9925 at bloom-beacon.MIT.EDU> scs at adam.pika.mit.edu (Steve Summit) writes:
>
>Why, pray tell, did you record the password(s) in the log file?
I wanted to see ESPECIALLY the passwords, to be able to tell when
somebody tried to break in, whether he did it with inside information, or
with password scanning.
>How careful were you to protect the file against inadvertent read
>access? How carefully did you protect every backup tape made of
>the filesystem on which it resided?
The file was mode 0 or 600 (can't remember) with owner root. So was
the directory it resided in. Of that filesystem there never were any
backups.
>How did you inspect the file
>yourself without learning people's passwords? (I don't know
>about you, but I do *not* *want* to know people's passwords. For
>......
>This issue is discussed here from time to time, and the consensus
>is generally that recording unencrypted passwords, including
>mistyped ones, is a bad idea.
I generally agree. However, on this system everybody knew and agreed
to the procedure (only ~ 20 people). To keep private stuff nearly
everybody had his own machine, for which he alone knew the passwords.
What good are passwords doing you, if you're root anyhow? Unless people
use their passwords on more than one machine, which is bad anyway.
Stefan Loesch
stefan at mcdphx!motpdq