[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using Debian SID on a Mac SE/30

On 4/14/21 8:23 PM, Finn Thain wrote:
> On Wed, 14 Apr 2021, Stan Johnson wrote:
> ...
>> Does anyone know of a way to set the ftp login timeout? I could probably 
>> modify the ftpd source, but I would prefer to modify a configuration 
>> file setting if possible.
> I don't know about ftpd but if you install vsftpd you can control those 
> timeouts in vsftpd.conf.

Thanks, vsftpd may be an option.

>> ... I think my next effort will be to break PAM and 
>> revert to old-style authentication, if possible.
> You can probably test that approach by building a portable FTP or Telnet 
> daemon and disabling PAM support using ./configure.
> You may also want to try minimal implementations of telnetd and ftpd, such 
> as the ones offered by busybox. If you build your own, you also get to 
> modify any hard-coded timeout constants.

Thanks for those suggestions.

>> It's interesting that I can login almost immediately using telnet or ftp 
>> using A/UX, but telnet in Debian takes about 100 seconds (and ftp still 
>> times out).
> Most of that is probably password hashing. Look in /etc/shadow and you'll 
> probably find long password hashes. If you're not worried about weak 
> hashes, you could switch to DES which is probably what A/UX uses. See 'man 
> login.defs' and 'man 3 crypt'.
> BTW, if your password hashes are never leaked or your actual passwords are 
> guessable anyway then I don't see much benefit from SHA512.
> FTR, I'm not advocating guessable passwords and weak hashes. But if you 
> want to try it, I hear that 12345 is very popular:
> $ perl -e 'print crypt("12345","xx")."\n"'
> xxwddmriJc5TI

I've always supported security protocols that match the associated risk.
For systems that are not exposed to the public Internet and that require
clear-text protocols, anyway, such as telnet and ftp, for reasonable
access, there is nothing wrong with minimal password hashes (though I
agree "12345" is still a bad idea!).


Reply to: