OT: Capturing failed login attempts

Jay R. Ashworth jra at baylink.com
Tue Sep 13 11:08:58 PDT 2005


On Tue, Sep 13, 2005 at 07:07:22AM -0400, Fairlight wrote:
> Is it just me, or did Jay Ashworth say:
> > Though, note that it's widely considered to be poor system
> > administration practice to log usernames in the log on failures, because
> > people get out of sync, and you end up with passwords in the log file.
> 
> That's considered poor -user- practise, and it's incumbent upon anyone
> doing so (I've done it by mistake myself--it happens) to immediately change
> their password when they get in.

Matter of taste, I think; I was aping other writers on the topic.

And I don't know that it's always possible to *tell* you've screwed up,
authoritatively.

> The flip side of this is also that if you can't trust your admins to
> know what your password is, who the hell can you trust?  They have the
> run of the system already. :) And on the odd chance we're talking about
> holed systems, then you've already got far larger issues than whether or
> not someone's scatterbrained attempt to log in was present in a file.

Well, MLS systems break that assumption, too, but if you're using
reusable passwords on those, you deserve what you get.

> You either trust your admins to run a secure system, ethically--or you
> shouldn't be using the system in the first place.

Mistakes happen.  Logfiles aren't always treated as securely as might
be best.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

	"NPR has a lot in common with Nascar... we both turn to the left."
		- Peter Sagal, on Wait Wait, Don't Tell Me!
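
Added example, not part of the original message or of any poster's code: one way a failed-login logger can avoid writing a password typed at the username prompt into the log, by recording the submitted name only when it matches an existing account. The account names, the key and the log line format are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions for this example only).
KNOWN_ACCOUNTS = {"jra", "fairlight", "root"}
# Key for the digest below; in a real deployment it would be stored where
# readers of the log file cannot get at it.
LOG_KEY = b"constructed-demo-key"


def loggable_username(submitted: str) -> str:
    """Return a value that is safe to write on a failed-login log line."""
    if submitted in KNOWN_ACCOUNTS:
        # A real account name is not secret, so log it as typed.
        return submitted
    # Anything else may be a password entered out of sync with the prompts.
    # Log a truncated keyed digest instead: repeated attempts with the same
    # string still correlate, but the string itself never reaches the file.
    # This also keeps control characters from an unknown name out of the log.
    # Someone holding LOG_KEY could still guess weak passwords offline.
    tag = hmac.new(LOG_KEY, submitted.encode("utf-8"), hashlib.sha256)
    return "<unknown:" + tag.hexdigest()[:12] + ">"


def failed_login_line(timestamp: str, tty: str, submitted: str) -> str:
    """Format one failed-login record (hypothetical line format)."""
    return f"{timestamp} FAILED LOGIN on {tty} for {loggable_username(submitted)}"


if __name__ == "__main__":
    # Constructed attempts: a real account, then a password typed as a name.
    for name in ("jra", "hunter2", "hunter2"):
        print(failed_login_line("2005-09-13T11:08:58", "tty1", name))
```

This does not cover the case where the mistyped string happens to equal another account's name, which is logged as that name.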

