From owner-freebsd-current Thu Feb 17 22:30: 4 2000 Delivered-To: freebsd-current@freebsd.org Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7]) by hub.freebsd.org (Postfix) with ESMTP id 492DF37B82D; Thu, 17 Feb 2000 22:29:54 -0800 (PST) (envelope-from peter@netplex.com.au) Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id B0DDE1CD9; Fri, 18 Feb 2000 14:29:47 +0800 (WST) (envelope-from peter@netplex.com.au) X-Mailer: exmh version 2.1.1 10/15/1999 To: Mark Murray Cc: current@freebsd.org, committers@freebsd.org Subject: Re: Crypto progress! (And a Biiiig TODO list) In-Reply-To: Message from Mark Murray of "Fri, 18 Feb 2000 07:46:11 +0200." <200002180546.HAA25779@gratis.grondar.za> Date: Fri, 18 Feb 2000 14:29:47 +0800 From: Peter Wemm Message-Id: <20000218062947.B0DDE1CD9@overcee.netplex.com.au> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Mark Murray wrote: > > I'm very uncomfortable with requiring Yet Another Daemon to manage > > (and screw up) password checking. Generally speaking, if I wouldn't > > trust a program with root privileges, I wouldn't trust it with my > > password, either (for obvious reasons). > > If "all those" suid programs could be "de-suid'ed", and replaced with > a simple "does this username/password pair check out?" daemon/module, > would that make you happier? As long as there is some sort of rate limiting system so that it doesn't provide a trivial online brute force password cracking service... Getting this right would be an interesting challenge. :-) Cheers, -Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message