tech-security archive
Re: BSD Auth
On 19-Aug-08, at 4:13 AM, SODA Noriyuki wrote:
Think about an X11 screen-lock program which tries to access a user's
password. As you know, X11 programs are big and may have a security
problem, so let's assume the screen-lock program has a hole.
Also, way back in 1998 David Holland wrote the following about the
fallacies of poor screen lock program design:
Why should my login password have anything to do with unlocking my
screen? This strikes me as a bad idea in general.
What about passwordless accounts where you get access via .shosts or
ssh keys or weird site-specific systems? Even if you use PAM, some of
these just plain won't work with xlock. Of course, this in itself
doesn't mean that people who have login passwords and want to use them
shouldn't, necessarily, but I really don't see that typing an 8-letter
word is a big strain.
Ok, so I don't have a good argument against it, but I don't think
"xlock should be able to look up my password" is a good argument to
use when discussing authentication system designs.
(from <URL:http://mail-index.netbsd.org/current-users/1998/11/23/0044.html>)
--
Greg A. Woods; Planix, Inc.
<woods%planix.ca@localhost>