[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: BSD Auth
On 19-Aug-08, at 4:13 AM, SODA Noriyuki wrote:
Think about X11 screen-lock program which tries to access user's
password. As you know, X11 programs are big and may have a security
problem, so let's assume the screen-lock program has a hole.
Also, way back in 1998 David Holland wrote the following about the
fallacies of poor screen lock program design:
Why should my login password have anything to do with unlocking my
screen? This strikes me as a bad idea in general.
What about passwordless accounts where you get access via .shosts
ssh keys or weird site-specific systems? Even if you use PAM,
these just plain won't work with xlock. Of course, this in itself
doesn't mean that people who have login passwords and want to use
shouldn't, necessarily, but I really don't see that typing an 8-
word is a big strain.
Ok, so I don't have a good argument against it, but I don't think
"xlock should be able to look up my password" is a good argument to
use when discussing authentication system designs.
Greg A. Woods; Planix, Inc.
Main Index |
Thread Index |