Date:      Wed, 7 Aug 1996 10:47:15 -0500 (CDT)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        john@katan.pomona.edu (john)
Cc:        peter@clari.net.au, freebsd-isp@FreeBSD.ORG
Subject:   Re: Trial accounts
Message-ID:  <199608071547.KAA02641@brasil.moneng.mei.com>
In-Reply-To: <Pine.BSF.3.91.960807080438.16513A-100000@katan.pomona.edu> from "john" at Aug 7, 96 08:10:20 am


> On Wed, 7 Aug 1996, Peter Hawkins wrote:
> 
> > I'd like to gather some feelings about providing (perhaps restricted) "trial"
> > 1. security
> > 2. The potential for someone to dial in under that name indefinitely.
> > 
> > However I don't want to lose custom :) so if there are ways of
> > addressing 1. and 2. I'd like to hear them.
> > 
> > Peter
> ---
> well, from my experience i've seen two easy ways of extending acct use.
> 
> 1. a file under the name of "TERMSET*" was placed in a trial home 
> directory which altered the time counter and the user was allowed to use the 
> acct indefinitely.
> 	i'm not sure exactly what TERMSET* was altering, but it worked
> 
> 2. after a trial period, even though the acct had expired, ftp was still 
> open.  so someone was able to ftp a new .login file and consequently 
> dialin indefinitely.
> 
> both methods aren't real security holes, simple settings changes would do 
> the trick.  it's more of a reflection on the sysadmins.  they were either 
> too busy, too lazy or too stupid to take care of it.

I will note that BSD login does have support for an "account expiration
date".  This would seem ideal for this sort of application.

... JG
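
Added example, not part of the original message or of FreeBSD itself: an audit of the account expiration field that BSD login consults, run over a master.passwd(5)-format file. The login class name "trial", the sample accounts and the timestamps are constructed assumptions.

```shell
#!/bin/sh
# master.passwd(5) fields:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# "expire" is seconds since the epoch; 0 or empty means the account never expires.
# On FreeBSD the field can be set with pw(8), e.g. pw usermod <name> -e <date>.

# Assumption: trial accounts are tagged with login class "trial" (hypothetical).
# $1 = passwd-format file, $2 = current time in epoch seconds
audit_trials() {
    awk -F: -v now="$2" '
        /^#/ || NF < 10      { next }                        # comments, short lines
        $5 != "trial"        { next }                        # not a trial account
        $7 == "" || $7 == 0  { print $1, "NO-EXPIRY"; next } # would run indefinitely
        $7 + 0 <= now + 0    { print $1, "EXPIRED"; next }   # check other services too
        { printf "%s ACTIVE %d-days-left\n", $1, ($7 - now) / 86400 }
    ' "$1"
}

# Constructed sample data; not taken from any real system.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample in master.passwd layout
jdoe:*:1001:1001::0:0:Regular customer:/home/jdoe:/bin/csh
trial1:*:2001:2001:trial:0:0:Trial 1:/home/trial1:/bin/csh
trial2:*:2002:2002:trial:0:838771200:Trial 2:/home/trial2:/bin/csh
trial3:*:2003:2003:trial:0:840585600:Trial 3:/home/trial3:/bin/csh
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    make_sample "$tmp"
    # 839376000 = 1996-08-07 00:00:00 UTC, fixed so the output is repeatable
    audit_trials "$tmp" 839376000
    rm -f "$tmp"
}

demo
```

Accounts reported as EXPIRED are the ones to check against services other than login, since the quoted report describes ftp staying open after a trial had expired.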

