Date: Fri, 18 Feb 2000 14:29:47 +0800 From: Peter Wemm <peter@netplex.com.au> To: Mark Murray <mark@grondar.za> Cc: current@freebsd.org, committers@freebsd.org Subject: Re: Crypto progress! (And a Biiiig TODO list) Message-ID: <20000218062947.B0DDE1CD9@overcee.netplex.com.au> In-Reply-To: Message from Mark Murray <mark@grondar.za> of "Fri, 18 Feb 2000 07:46:11 %2B0200." <200002180546.HAA25779@gratis.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Murray wrote: > > I'm very uncomfortable with requiring Yet Another Daemon to manage > > (and screw up) password checking. Generally speaking, if I wouldn't > > trust a program with root privileges, I wouldn't trust it with my > > password, either (for obvious reasons). > > If "all those" suid programs could be "de-suid'ed", and replaced with > a simple "does this username/password pair check out?" daemon/module, > would that make you happier? As long as there is some sort of rate limiting system so that it doesn't provide a trivial online brute force password cracking service... Getting this right would be an interesting challenge. :-) Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000218062947.B0DDE1CD9>