From owner-freebsd-security Tue Feb 27 21:13:33 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id VAA12595 for security-outgoing; Tue, 27 Feb 1996 21:13:33 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [192.216.222.3]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id VAA12590 for ; Tue, 27 Feb 1996 21:13:32 -0800 (PST)
Received: from zip.io.org (root@[198.133.36.80]) by who.cdrom.com (8.6.12/8.6.11) with ESMTP id VAA21975 for ; Tue, 27 Feb 1996 21:13:30 -0800
Received: (from taob@localhost) by zip.io.org (8.6.12/8.6.12) id AAA02864; Wed, 28 Feb 1996 00:11:14 -0500
Date: Wed, 28 Feb 1996 00:11:14 -0500 (EST)
From: Brian Tao
To: Jim Dennis
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Informing users of cracked passwords?
In-Reply-To: <199602280504.VAA05385@mistery.mcafee.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

On Tue, 27 Feb 1996, Jim Dennis wrote:
>
> According to this the standard shadow password suite has an
> option in the semantics of the /etc/shadow file to specify
> an additional or alternative authentication program (as well
> as all that password aging and account expiration stuff).

    BSD/OS 2.1 has implemented login classes (defined in the pw_class
member of the standard passwd struct) to this end.  It allows for
additional authentication in addition to the traditional UNIX
password scheme (typically one-time password or challenge-response
schemes).

    The /etc/login.conf file lets you specify user classes, the
authentication model they follow as well as other aspects such as
maximum memory usage, maximum per-process CPU time, minimum and
maximum password lengths, etc.

    It would be nice if FreeBSD could adopt this format, since this is
the first commercial use (AFAIK) of the pw_class field in a
master.passwd entry.
--
Brian Tao (BT300, taob@io.org)
Systems Administrator, Internex Online Inc.
"Though this be madness, yet there is method in't"
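
The class lookup described in the message above, as an added example that is not part of the original post and is not BSD/OS or FreeBSD code: it reads the class field of a master.passwd entry and resolves it against a termcap-style login.conf, following tc= inheritance. The capability names (auth, cputime, memoryuse, minpasswordlen), the "skey" style, the fallback to a "default" class and all sample data are assumptions made for illustration.

```python
SAMPLE_LOGIN_CONF = r"""
# constructed sample; capability names are assumptions, not a documented set
default:\
    :auth=passwd:cputime=1h:memoryuse=16M:minpasswordlen=6:
staff:\
    :auth=skey,passwd:minpasswordlen=8:\
    :cputime@:tc=default:
"""
# Constructed master.passwd entry:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
SAMPLE_PASSWD = "alice:*:1001:1001:staff:0:0:Alice Example:/home/alice:/bin/sh"


def login_class(master_passwd_line):
    """Return pw_class, the fifth of the ten master.passwd fields."""
    fields = master_passwd_line.split(":")
    if len(fields) != 10:
        raise ValueError("expected 10 colon-separated fields")
    return fields[4]


def parse_login_conf(text):
    """Return {class_name: [(capability, value), ...]} in file order."""
    lines = [ln for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    joined = "\n".join(lines).replace("\\\n", "")  # join continuation lines
    classes = {}
    for record in joined.splitlines():
        fields = [f.strip() for f in record.split(":")]
        caps = []
        for f in filter(None, fields[1:]):
            if f.endswith("@"):
                caps.append((f[:-1], None))        # cap@ cancels inheritance
            elif "=" in f:
                caps.append(tuple(f.split("=", 1)))
            else:
                caps.append((f, True))             # boolean capability
        for name in fields[0].split("|"):          # name|alias share one record
            classes[name] = caps
    return classes


def resolve(classes, name, _seen=()):
    """Effective capabilities: first definition wins, tc= pulls in a parent."""
    if name not in classes:
        name = "default"                           # assumed fallback class
    if name in _seen:
        raise ValueError("tc= loop at class %r" % name)
    out = {}
    for cap, val in classes[name]:
        inherited = resolve(classes, val, _seen + (name,)) if cap == "tc" else {cap: val}
        for k, v in inherited.items():
            out.setdefault(k, v)
    return {k: v for k, v in out.items() if v is not None}
```

Resolving the effective settings rather than reading one record matters when auditing: a class that inherits through tc= can silently pick up a weaker password-length or authentication setting from its parent.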