> Mark Murray wrote:
> > > I'm very uncomfortable with requiring Yet Another Daemon to manage
> > > (and screw up) password checking. Generally speaking, if I wouldn't
> > > trust a program with root privileges, I wouldn't trust it with my
> > > password, either (for obvious reasons).
> >
> > If "all those" suid programs could be "de-suid'ed", and replaced with
> > a simple "does this username/password pair check out?" daemon/module,
> > would that make you happier?
>
> As long as there is some sort of rate limiting system so that it doesn't
> provide a trivial online brute force password cracking service... Getting
> this right would be an interesting challenge. :-)
Easy to do of the daemon is not on by default, or if it is pretty fascist by
default, with lots of options to define the fascism.
Examples:
o A username may only be checked $number times per $timeperiod;
after that, _all_ answers are silently converted to "no".
o Daemon may only be invoked $number times per $timeperiod;
refuses to fork after that.
o Daemon will delay $timeperiod before returning answer.
... etc. There are possibilities for DoS attacks, but the daemon
talks only to a Unix Domain Socket, so finding the perp is easy.
Logging can be as fascist or minimalist as you like.
M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
