Re: Login anomaly or security issue?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Jake Messinger: "Re: 56K Upgrade"
• Previous message: David Davies: "Dead OR-M/NOT !!"
• In reply to: Gordon Soukoreff: "Sorry ! ARrgh Re: Was.. Re: Chan. T1"
• Next in thread: Stephen Fisher: "Re: Login anomaly or security issue?"

> A user, lets call him 'joe' accidentally logged in yesterday with his
> username, a space and his lastname, 'joe last'. He authenticated
> just fine, and a show session listed him as 'joe last', as did the detail
> file. We are using radius, system authentication to a linux box.
> Haven't checked yet to see if I can log into linux as 'joe testguy'
> (but I seriously doubt it). I don't know if this is a security
> issue, but at the very least, it makes examining the detail file a
> little more difficult.

This also happens for users that try to authenticate with "@" symbols in
their username (e.g. username@ednet.co.uk). Should this be the case or
is this something different? I'm running an ancient version (2.4.16) of
MERIT radius (with a few local hacks).

Richard Morrell
edNET systems admin
richard@ednet.co.uk

• Next message: Jake Messinger: "Re: 56K Upgrade"
• Previous message: David Davies: "Dead OR-M/NOT !!"
• In reply to: Gordon Soukoreff: "Sorry ! ARrgh Re: Was.. Re: Chan. T1"
• Next in thread: Stephen Fisher: "Re: Login anomaly or security issue?"