Date:      Wed, 7 Aug 1996 10:47:15 -0500 (CDT)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        john@katan.pomona.edu (john)
Cc:        peter@clari.net.au, freebsd-isp@FreeBSD.ORG
Subject:   Re: Trial accounts
Message-ID:  <199608071547.KAA02641@brasil.moneng.mei.com>
In-Reply-To: <Pine.BSF.3.91.960807080438.16513A-100000@katan.pomona.edu> from "john" at Aug 7, 96 08:10:20 am

> On Wed, 7 Aug 1996, Peter Hawkins wrote:
> 
> > I'd like to gather some feelings about providing (perhaps restricted) "trial"
> > 1. security
> > 2. The potential for someone to dial in under that name indefinitely.
> > 
> > However I don't want to lose custom :) so if there are ways of
> > addressing 1. and 2. I'd like to hear them.
> > 
> > Peter
> ---
> well, from my experience i've seen two easy ways of extending acct use.
> 
> 1. a file under the name of "TERMSET*" was placed in a trial home 
> directory which altered the time counter and the user was allowed to use the 
> acct indefinitely.
> 	i'm not sure exactly what TERMSET* was altering, but it worked
> 
> 2. after a trial period, even though the acct had expired, ftp was still 
> open.  so someone was able to ftp a new .login file and consequently 
> dialin indefinitely.
> 
> both methods aren't real security holes, simple settings changes would do 
> the trick.  it's more of a reflection on the sysadmins.  they were either 
> too busy, too lazy or too stupid to take care of it.

I will note that BSD login does have support for an "account expiration
date".  This would seem ideal for this sort of application.

... JG
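
Added example, not part of the original message: a small audit of the account expiration field mentioned above, which FreeBSD keeps as the seventh colon-separated field of master.passwd (seconds since the epoch, 0 meaning no expiry). The login class name "trial", the sample entries, and the function names are assumptions made up for illustration.

```python
# master.passwd(5) layout:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
FIELDS = ("name", "password", "uid", "gid", "class", "change",
          "expire", "gecos", "home_dir", "shell")

# Constructed sample entries, not taken from any real system.
SAMPLE = """\
# constructed sample
root:*:0:0::0:0:Charlie &:/root:/bin/csh
trial01:*:2001:2001:trial:0:839462400:Trial user:/home/trial01:/bin/csh
trial02:*:2002:2001:trial:0:0:Trial user:/home/trial02:/bin/csh
trial03:*:2003:2001:trial:0:838000000:Trial user:/home/trial03:/bin/csh
"""

def parse(text):
    """Yield one dict per account line, skipping blanks and comments."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields")
        yield dict(zip(FIELDS, parts))

def audit_trials(text, now, trial_class="trial"):
    """Classify every account in the (hypothetical) trial login class.

    'no-expiry' is the case to fix: a trial account with expire == 0
    never lapses on its own. 'expired' accounts are candidates for
    removal, and for a check that no other service still accepts them.
    """
    findings = {}
    for entry in parse(text):
        if entry["class"] != trial_class:
            continue
        expire = int(entry["expire"] or 0)
        if expire == 0:
            findings[entry["name"]] = "no-expiry"
        elif expire <= now:
            findings[entry["name"]] = "expired"
        else:
            findings[entry["name"]] = "active"
    return findings

if __name__ == "__main__":
    import time
    for name, state in audit_trials(SAMPLE, int(time.time())).items():
        print(f"{name}: {state}")
```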


