Date: Wed, 7 Aug 1996 08:10:20 -0700 (PDT) From: john <john@katan.pomona.edu> To: Peter Hawkins <peter@clari.net.au> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Trial accounts Message-ID: <Pine.BSF.3.91.960807080438.16513A-100000@katan.pomona.edu> In-Reply-To: <199608070010.KAA01174@rhiannon.clari.net.au>
index | next in thread | previous in thread | raw e-mail
On Wed, 7 Aug 1996, Peter Hawkins wrote: > I'd like to gather some feelings about providing (perhaps restricted) "trial" > 1. security > 2. The potential for someone to dial in under that name indefinitely. > > However I don't want to lose custom :) so if there are ways of > addressing 1. and 2. I'd like to hear them. > > Peter --- well, from my experience i've seen two easy ways of extending acct use. 1. a file under the name of "TERMSET*" was placed in a trial home directory which altered the time counter and the user was allowed to use the acct indefinitely. i'm not sure exactly what TERMSET* was altering, but it worked 2. after a trial period, even though the acct had expired, ftp was still open. so someone was able to ftp a new .login file and consequently dialin indefinitely. both methods aren't real security holes, simple settings changes would do the trick. it's more of a reflection on the sysadmins. they were either too busy, too lazy or too stupid to take care of it. hope everything works out well for you l8rhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960807080438.16513A-100000>