Re: non-root password lookups?

[Chris <chris@ormond.unimelb.edu.au>]

On Mon, Jan 18, 1999 at 10:36:35AM +0100, Martin Bialasinski wrote:
> 
> What use would shadow passwords have, if a unprivileged user can query 
> them?

Well...then the query is at your control - and if you make a single query take
a full second (or more) then it will take a very long time to brute force
anything (and thats assuming there is no logging).
> 
> I heared on Solaris you have a daemon, which takes username/password
> and tells you if the combination is OK.

Ahh....that sounds interesting....I'll have to reaserch into that idea.

Bye,

Chris

-- 

----------------------------------------------------------------------
The box said "Windows 95, NT or better" .. so I installed Debian Linux
----------------------------------------------------------------------
Reply with subject 'request key' for PGP public key.  KeyID 0xA9E087D5