Ascend Archive

Re: (ASCEND) ASCEND RADIUS FEATURE REQUEST



On Fri, 10 Oct 1997 ascend@digistar.com wrote:

> please hack the code to show the password that the user mistakenly typed
> in for their password...  like so:
> 
> Fri Oct 10 13:03:53 1997: Authenticate: 56k-1.getonthe.net.1026, id=185: Neither User Nor Default Name: joebloggs / joesmistype

Right... so anyone who manages to get ahold of your log files can figure out
what people's passwords are simply by studying their mistypes.

No, this is not a good idea, which is why no system I'm aware of (UNIX,
RADIUS, or otherwise) logs failed passwords.  Some even give the option of
not logging failed usernames (in case someone typed his password in the
username field), a feature I take advantage of.

--
Andrew O. Smith - aos@insync.net    | "Reality is that which, when you stop
Sysadmin, Insync Internet Services  |  believing in it, doesn't go away."
BOFH, Wielder of the sacred LART    |           -- Philip K. Dick

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
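
Added example, not part of the original post and not Ascend RADIUS code: a Python version of the logging policy the reply describes, where the failed password is never passed to the logger and an unrecognised username is withheld because it may be a password typed into the wrong field. The function name, the policy names and the "Bad Password" reason string are hypothetical; the sample requests are constructed from the log line quoted above.

```python
import re
from datetime import datetime

# Hypothetical policy names, not settings of any real RADIUS server.
LOG_ALL, LOG_KNOWN_ONLY, LOG_NONE = "all", "known-only", "none"

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def _printable(value):
    """Replace control characters so a crafted name cannot forge log lines."""
    return _CONTROL.sub("?", value)[:64]


def failed_auth_line(when, nas, req_id, username, reason,
                     known_users, policy=LOG_KNOWN_ONLY):
    """Build the log line for a rejected authentication request.

    There is deliberately no password parameter: the attempted secret never
    reaches the logging layer, so it cannot be written out by mistake.
    """
    is_known = username in known_users
    if policy == LOG_ALL or (policy == LOG_KNOWN_ONLY and is_known):
        shown = _printable(username)
    else:
        # An unknown "username" may be a password typed into the wrong field.
        shown = "<withheld>"
    stamp = when.strftime("%a %b %d %H:%M:%S %Y")
    return (f"{stamp}: Authenticate: {_printable(nas)}, id={req_id}: "
            f"{reason}: {shown}")


if __name__ == "__main__":
    # Constructed sample requests; "Bad Password" is a made-up reason string.
    when = datetime(1997, 10, 10, 13, 3, 53)
    known = {"joebloggs"}
    nas = "56k-1.getonthe.net.1026"
    print(failed_auth_line(when, nas, 185, "joebloggs", "Bad Password", known))
    print(failed_auth_line(when, nas, 186, "joesmistype",
                           "Neither User Nor Default Name", known))
```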

