Date: Wed, 7 Aug 1996 08:10:20 -0700 (PDT) From: john <john@katan.pomona.edu> To: Peter Hawkins <peter@clari.net.au> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Trial accounts Message-ID: <Pine.BSF.3.91.960807080438.16513A-100000@katan.pomona.edu> In-Reply-To: <199608070010.KAA01174@rhiannon.clari.net.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 7 Aug 1996, Peter Hawkins wrote: > I'd like to gather some feelings about providing (perhaps restricted) "trial" > 1. security > 2. The potential for someone to dial in under that name indefinitely. > > However I don't want to lose custom :) so if there are ways of > addressing 1. and 2. I'd like to hear them. > > Peter --- well, from my experience i've seen two easy ways of extending acct use. 1. a file under the name of "TERMSET*" was placed in a trial home directory which altered the time counter and the user was allowed to use the acct indefinitely. i'm not sure exactly what TERMSET* was altering, but it worked 2. after a trial period, even though the acct had expired, ftp was still open. so someone was able to ftp a new .login file and consequently dialin indefinitely. both methods aren't real security holes, simple settings changes would do the trick. it's more of a reflection on the sysadmins. they were either too busy, too lazy or too stupid to take care of it. hope everything works out well for you l8r
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960807080438.16513A-100000>