Re: Did I give up on telnet too easily?
From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: Sat, 11 Oct 2003 15:48:41 -0400
Marcus Lauer wrote:
> Okay, hold on. If you're saying that some process, be it a daemon or just
> some program called as part of the login process, changes a user's password
> after they login, then fine. Yes, I can see how that works. What I don't
> understand is how that would create a useable system. Are we talking about
> having one-time passwords, e.g. where the user needs a new password every
> time they login?
Marcus, you were responding to Peter. He carps at the newbies, calls
them names, and never actually answers the question they asked.
Such systems exist. While usable, such as S/Key and several
automatically changing challenge-response systems used in various
commercial and freeware dial-up systems, they are usually *in addition
to* a standard login system.
Even when they're used as a primary remote login, by associating a
customized login tool instead of a normal getty that is called by the
telnet/UUCP/mgetty/faxgetty/whatever, getting people to actually *use*
such a system is an astonishing logistical burden. Been there, done
that, published notes for dialup use ages ago for HylaFAX. The users
tend to tell you to stuff it after a while or keep calling you on the
phone to reset it because they lost the passkey list or software.
> I guess my problem is that I don't see that as being very useable. I also
> argued against telnet being a good replacement for ssh while acknowledging
> that in some very restricted environments, telnet might be okay. It sounds
> like this is the same sort of thing. Yes it can be done. It would also be
> a pain in the ass to use, could be done with ssh just as easily, and still
> assumes some things, e.g. that the user doesn't mistype one letter in an
> obvious password and a quick attacker doesn't take advantage of the
Bingo. Peter waves a magic wand with a few technical keywords while
insulting the newbies, and completely ignores the pain of implementing
> Now that I think about it, I admit that my reply wasn't very bright. But
> next time, if you must reply to a dumb post, reply with facts, not insults.
> As far as I know, you may have no idea what you're talking about either!
> If you do know what you're talking about, God forbid that you should
> actually educate me, AC, and the rest of the newsgroup rather than just
> throwing around insults. I'm hardly a half-wit, guy. In fact, if what I
> wrote in the last two paragraphs is correct, then I'm the only one here
> who's actually demonstrated any understanding at all of how automatic
> password changing could be implemented and what some of the costs and
> benefits would be.
This was Peter. Why educate when he can pretend to have all the
knowledge, and you're too stupid to have attained his *obvious*
Just plonk him and move on to useful posts.