Date: Mon, 3 Nov 1997 19:13:49 +0100 From: Eivind Eklund <eivind@bitbox.follo.net> To: Tom <tom@sdf.com> Cc: hackers@FreeBSD.ORG Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources) Message-ID: <19971103191349.30502@bitbox.follo.net> In-Reply-To: <Pine.BSF.3.95q.971103100454.20666A-100000@misery.sdf.com>; from Tom on Mon, Nov 03, 1997 at 10:07:24AM -0800 References: <199711031005.LAA21994@bitbox.follo.net> <Pine.BSF.3.95q.971103100454.20666A-100000@misery.sdf.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 03, 1997 at 10:07:24AM -0800, Tom wrote: > On Mon, 3 Nov 1997, Eivind Eklund wrote: > > > You can always use the pwcheck daemon from the Cyrus module (see ports). > > > It opens a unix socket at /var/pwcheck/pwcheck. Permissions on the > > > /var/pwcheck directory can be used to determine who can check passwords. > > > > Is it restricted to only let a user check his own password? Or could > > we make it only check a users own password fairly easily? > > How would that be useful? Security. If a user can check other people's passwords, he can brute-force passwords. If he can't, he can't. :-) Eivind.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971103191349.30502>