Re: two-person login?

2008-01-30 Thread Woodchuck
On Tue, 29 Jan 2008, John Denker wrote: The foregoing makes sense, and is in extreme contrast to the situation I am faced with, where Joe logs in with the help of Jane, and then Jane leaves. Jane has not the slightest control over what Joe does while logged in. I don't see a sane procedure

two-person login?

2008-01-29 Thread John Denker
Hi Folks -- I have been asked to opine on a system that requires a two-person login. Some AIX documents refer to this as a common method of increasing login security http://www.redbooks.ibm.com/redbooks/pdfs/sg245962.pdf However, I don't think it is very common; I get only five hits from

Re: two-person login?

2008-01-29 Thread The Fungi
On Mon, Jan 28, 2008 at 03:56:11PM -0700, John Denker wrote: [...] I don't think it is very common; I get only five hits from http://www.google.com/search?q=two-person-login [...] Try searching for secret splitting instead. From the foregoing, you might conclude that the two-person login

Re: two-person login?

2008-01-29 Thread mark seiden-via mac
are dialed within 10 seconds of one another c-Supervisory/subordinate mode On Jan 28, 2008, at 2:56 PM, John Denker wrote: Hi Folks -- I have been asked to opine on a system that requires a two-person login. Some AIX documents refer to this as a common method of increasing login security

Re: two-person login?

2008-01-29 Thread Ian G
will be. The two-person login requires the approver to be present at login time, but does not require the approver to remain present, let alone take responsibility what Joe does after login. c) The only threat model I can come up with is the case where Joe's password has been compromised

Re: two-person login?

2008-01-29 Thread Nicolas Williams
On Tue, Jan 29, 2008 at 06:34:29PM +, The Fungi wrote: On Mon, Jan 28, 2008 at 03:56:11PM -0700, John Denker wrote: So now I throw it open for discussion. Is there any significant value in two-person login? That is, can you identify any threat that is alleviated by two-person login

Re: two-person login?

2008-01-29 Thread John Denker
with systems. OK, that's clear and helpful. Thanks. The point I take away from this is that _procedure_ is primary and fundamental. Technology is secondary. The two-person login is technology, and it is only icing on the procedural cake. -- If you have a good procedure, the two-person login

Re: two-person login?

2008-01-29 Thread The Fungi
On Tue, Jan 29, 2008 at 03:37:26PM -0600, Nicolas Williams wrote: I think you missed John's point, which is that two-person *login* says *nothing* about what happens once logged in -- logging in enables arbitrary subsequent transactions that may not require two people to acquiesce. Certainly

Re: two-person login?

2008-01-29 Thread Philipp Gühring
Hi, I have been asked to opine on a system that requires a two-person login. Some AIX documents refer to this as a common method of increasing login security http://www.redbooks.ibm.com/redbooks/pdfs/sg245962.pdf I would like to have a two-person remote login: The server