Opening a can of security worms

From: Duncan Anker <dunc1@dont-contact.us>
Date: Mon, 13 Oct 1997 18:24:20 PDT

Well, I seem to have started something with my recent request about
authentication.

I am well aware of the security implications of NFS mounting the
password file. However, our setup is an intranet. Students must
purchase a security pass in order to gain access to the lab and
have an account set up for them. This gives them shell access on
our UNIX server, and access to the password file anyway, so a packet
sniffer would be total overkill. If they do manage to crack the root
password, they still need physical access to the console.

My main purpose was so that I could see that Joe Bloggs is visiting
particular sites, rather than looking up the IP address and then
looking up the daily logs to see that Joe Bloggs was at that
workstation at that time. We also need to be able to deny access
to the proxy to repeat offenders without preventing them from
doing legitimate work. Previously I was just suspending accounts,
but they need to be able to do their assignments, so it wasn't a
good solution.

So far, the 5 minute PERL script update is winning, but that's the
sort of solution I prefer for commercial software, where the source
is unavailable ...

Thanks in Advance for any other ideas.

Duncan

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
Received on Mon Oct 13 1997 - 18:30:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:17 MST