From owner-freebsd-questions  Sat Nov  9 06:09:43 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id GAA00371
          for questions-outgoing; Sat, 9 Nov 1996 06:09:43 -0800 (PST)
Received: from light.pomona.edu (light.pomona.edu [134.173.72.79])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA00365
          for <freebsd-questions@freefall.freebsd.org>; Sat, 9 Nov 1996 06:09:40 -0800 (PST)
Received: from localhost (jadeite@localhost) by light.pomona.edu (8.7.5/8.7.3) with SMTP id GAA03481; Sat, 9 Nov 1996 06:08:53 -0800 (PST)
Date: Sat, 9 Nov 1996 06:08:53 -0800 (PST)
From: jadeite <jadeite@light.pomona.edu>
To: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
cc: freebsd-questions@freefall.freebsd.org
Subject: Re: su vs. secure tty
In-Reply-To: <199611090857.JAA11718@gilberto.physik.rwth-aachen.de>
Message-ID: <Pine.BSF.3.95.961109060421.1263A-100000@light.pomona.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

well...
for one thing su is more secure because only those in group wheel can use
the command.  gid must = 0

if you get the Kerberos security package along with your distribution, su
automatically tries to do Kerberos authentification.

when you su, you keep the environment vars, alias, etc. of the
unprivileged user

i'm sure there are other features that distinguish the two methods but i
can't think of them right now

On Sat, 9 Nov 1996, Christoph Kukulies wrote:

> 
> What is the exact reason to prefer using su over telnetting into
> the root account?
> 
> Wouldn't password snoopers get unencrypted passwords anyway?
> 
> In what else respect is a secure pty prone to attacks? 
> 
> 
> --Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
>