Checking New Password
Benjamin Meade
ben at lanwest.com.au
Tue Apr 20 01:45:09 PDT 2004
Marshall Pierce wrote:
> These may be helpful:
> http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html
> http://www.onlamp.com/pub/a/bsd/2001/01/17/FreeBSD_Basics.html
If I may just raise a small caution flag with regard to the top
article/application. The author states:
"...don't panic over the telnet word. The insecure telnet service isn't running
on ..."
The major insecurities in telnet are still present using this method of
generating passwords. Instead of a sniffer getting the actual password, they get
a list of six. Note that this is only using the network version, not the client
side system.
On the other hand, wrapping the communication with the server in ssl sounds like
a very good solution for user passwords. You could even use a website in perl
over https.
Hmmm....I know what I'll be doing for the next few hours. :)
--
Benjamin Meade
System Administrator
LanWest Pty Ltd
Ph: +61 (8) 9440 3033
Fax: +61 (8) 9440 3370
More information about the freebsd-questions
mailing list