[vconsole-discuss] Re: Virtual Console new release available NOW!
Shawn Walker wrote: > On 24/06/07, Riny Qian wrote: >> Shawn Walker wrote: >> > Instead of a flat out password required on switch, by password >> > required on switch after X seconds of inactivity could be done? >> >> Yes, I think it could be done, but not secure. Would the extra >> complexity bring us much value? Users may need to remember how >> many seconds left for an inactive session? For simplicity, users >> can just directly disable the secure switch. > > Well, that just turns of all security then. I'd rather feel somewhat > safe knowing that if I walk away from a terminal for so long that it > will be secure automatically after a specified time period. Here you're still not 100% sure that it's secure, and as you said, it's just "somewhat safe". The problem here is "how long", and it's not secure by nature. thanks, Riny
[vconsole-discuss] Re: Virtual Console new release available NOW!
Dev Mazumdar wrote: > Riny Qian wrote: >> Shawn Walker wrote: >>> On 22/06/07, Dev Mazumdar wrote: > It's for secure switch. The password is needed to > re-enter any owned session. > > You can disable this functionality by: > > # svccfg -s vtdaemon setprop options/secure=false > # svcadm refresh vtdaemon > # svcadm restart vtdaemon > > > Riny Hi, I guess this is what I was asking about. SHouldn't the default behavior be like Linux/FreeBSD or UnixWare where you don't have to keep re-entering the password when you switch virtual consoles that you've already logged in? >>> >>> I suppose it depends on what your perspective is. Is secure by default >>> or convenience more important? If you're an OpenBSD fan, the former, >>> if not, the latter perhaps ;) >> >> Yes, it should be Secure By Default on Solaris. >> > > But OpenBSD's concept of security is about as useful as Windows 95 > unplugged from the Internet and a piece of tape stuck on the floppy > drive. OpenBSD turns off all services, what good is that? > > Are you telling me that somehow every time I switch mouse focus to an > xterm I should be asked to enter a password? Becuase I can see that > being a security issue just as much as a security issue virtual consoles > is. No. They're obviously different. Even for xterm in a X session, users still need to pay attention to the security issue if they su'ed to another user in a xterm, and e.g. they can exit this su once they're done. Regards, Riny
[vconsole-discuss] Re: Virtual Console new release available NOW!
Shawn Walker wrote: > On 22/06/07, Dev Mazumdar wrote: >> > It's for secure switch. The password is needed to >> > re-enter any owned session. >> > >> > You can disable this functionality by: >> > >> > # svccfg -s vtdaemon setprop options/secure=false >> > # svcadm refresh vtdaemon >> > # svcadm restart vtdaemon >> > >> > >> > Riny >> >> Hi, >> >> I guess this is what I was asking about. SHouldn't the default >> behavior be like Linux/FreeBSD or UnixWare where you don't have to >> keep re-entering the password when you switch virtual consoles that >> you've already logged in? >> > > I suppose it depends on what your perspective is. Is secure by default > or convenience more important? If you're an OpenBSD fan, the former, > if not, the latter perhaps ;) Yes, it should be Secure By Default on Solaris. > > However, maybe there is a happy medium that can be reached. > > Instead of a flat out password required on switch, by password > required on switch after X seconds of inactivity could be done? Yes, I think it could be done, but not secure. Would the extra complexity bring us much value? Users may need to remember how many seconds left for an inactive session? For simplicity, users can just directly disable the secure switch. Regards, Riny
[vconsole-discuss] Re: Virtual Console new release available NOW!
Riny Qian wrote: > Shawn Walker wrote: >> On 22/06/07, Dev Mazumdar wrote: >>> > It's for secure switch. The password is needed to >>> > re-enter any owned session. >>> > >>> > You can disable this functionality by: >>> > >>> > # svccfg -s vtdaemon setprop options/secure=false >>> > # svcadm refresh vtdaemon >>> > # svcadm restart vtdaemon >>> > >>> > >>> > Riny >>> >>> Hi, >>> >>> I guess this is what I was asking about. SHouldn't the default >>> behavior be like Linux/FreeBSD or UnixWare where you don't have to >>> keep re-entering the password when you switch virtual consoles that >>> you've already logged in? >>> >> >> I suppose it depends on what your perspective is. Is secure by default >> or convenience more important? If you're an OpenBSD fan, the former, >> if not, the latter perhaps ;) > > Yes, it should be Secure By Default on Solaris. > But OpenBSD's concept of security is about as useful as Windows 95 unplugged from the Internet and a piece of tape stuck on the floppy drive. OpenBSD turns off all services, what good is that? Are you telling me that somehow every time I switch mouse focus to an xterm I should be asked to enter a password? Becuase I can see that being a security issue just as much as a security issue virtual consoles is. regards Dev Mazumdar --- 4Front Technologies 4035 Lafayette Place, Unit F, Culver City, CA 90232, USA. Tel: (310) 202 8530 URL: www.opensound.com Fax: (310) 202 0496 Email: info at opensound.com ---
[vconsole-discuss] Re: Virtual Console new release available NOW!
On 24/06/07, Riny Qian wrote: > Shawn Walker wrote: > > Instead of a flat out password required on switch, by password > > required on switch after X seconds of inactivity could be done? > > Yes, I think it could be done, but not secure. Would the extra > complexity bring us much value? Users may need to remember how > many seconds left for an inactive session? For simplicity, users > can just directly disable the secure switch. Well, that just turns of all security then. I'd rather feel somewhat safe knowing that if I walk away from a terminal for so long that it will be secure automatically after a specified time period. -- "Less is only more where more is no good." --Frank Lloyd Wright Shawn Walker, Software and Systems Analyst binarycrusader at gmail.com - http://binarycrusader.blogspot.com/
[vconsole-discuss] Re: Virtual Console new release available NOW!
Dev Mazumdar stated: < OK after fixing up bfu with the necessary paths I got it installed. < < Vconsole seems to be working but when I switch between two vconsoles it keeps asking me for the password (I use root login) for each console. They're two different 'terminals'. So ya it should ask you to log in. This matches linux behaviour too. < < Shouldn't it remember that I'm already logged in? < < < regards < Dev Mazumdar < -- < This message posted from opensolaris.org < ___ < vconsole-discuss mailing list < vconsole-discuss at opensolaris.org < http://opensolaris.org/mailman/listinfo/vconsole-discuss -- Sean. .
[vconsole-discuss] Re: Virtual Console new release available NOW!
Dev Mazumdar wrote: > How do you install this using bfu? > > I get: > > -bash-3.00# /opt/onbld/bin/bfu -f `pwd` > Copying /opt/onbld/bin/bfu to /tmp/bfu.3327 > Executing /tmp/bfu.3327 -f > /export/vconsole-20070612.i386/vconsole-archives-b66 > > Loading /export/vconsole-20070612.i386/vconsole-archives-b66 on / > > Creating bfu execution environment ... > /tmp/bfu.3327[2366]: /net/onnv.eng/export/gate/public/bin/i386: not found > cp: cannot access /net/onnv.eng/export/gate/public/bin/i386/fastfs > cannot copy /net/onnv.eng/export/gate/public/bin/i386/fastfs > bfu aborting > -bash-3.00# > > Please provide installation steps. Please see: http://www.opensolaris.org/os/community/on/devref_toc/devref_5/#5_3_using_bfu_to_install_on which is listed at the top of the vconsole project download page http://opensolaris.org/os/project/vconsole/Downloads/ Hope it helps. Riny
[vconsole-discuss] Re: Virtual Console new release available NOW!
On 22/06/07, Dev Mazumdar wrote: > > It's for secure switch. The password is needed to > > re-enter any owned session. > > > > You can disable this functionality by: > > > > # svccfg -s vtdaemon setprop options/secure=false > > # svcadm refresh vtdaemon > > # svcadm restart vtdaemon > > > > > > Riny > > Hi, > > I guess this is what I was asking about. SHouldn't the default behavior be > like Linux/FreeBSD or UnixWare where you don't have to keep re-entering the > password when you switch virtual consoles that you've already logged in? > I suppose it depends on what your perspective is. Is secure by default or convenience more important? If you're an OpenBSD fan, the former, if not, the latter perhaps ;) However, maybe there is a happy medium that can be reached. Instead of a flat out password required on switch, by password required on switch after X seconds of inactivity could be done? -- "Less is only more where more is no good." --Frank Lloyd Wright Shawn Walker, Software and Systems Analyst binarycrusader at gmail.com - http://binarycrusader.blogspot.com/
[vconsole-discuss] Re: Virtual Console new release available NOW!
> It's for secure switch. The password is needed to > re-enter any owned session. > > You can disable this functionality by: > > # svccfg -s vtdaemon setprop options/secure=false > # svcadm refresh vtdaemon > # svcadm restart vtdaemon > > > Riny Hi, I guess this is what I was asking about. SHouldn't the default behavior be like Linux/FreeBSD or UnixWare where you don't have to keep re-entering the password when you switch virtual consoles that you've already logged in? best regards Dev Mazumdar -- This message posted from opensolaris.org
[vconsole-discuss] Re: Virtual Console new release available NOW!
It's for secure switch. The password is needed to re-enter any owned session. You can disable this functionality by: # svccfg -s vtdaemon setprop options/secure=false # svcadm refresh vtdaemon # svcadm restart vtdaemon Riny -- This message posted from opensolaris.org
[vconsole-discuss] Re: Virtual Console new release available NOW!
OK after fixing up bfu with the necessary paths I got it installed. Vconsole seems to be working but when I switch between two vconsoles it keeps asking me for the password (I use root login) for each console. Shouldn't it remember that I'm already logged in? regards Dev Mazumdar -- This message posted from opensolaris.org
[vconsole-discuss] Re: Virtual Console new release available NOW!
How do you install this using bfu? I get: -bash-3.00# /opt/onbld/bin/bfu -f `pwd` Copying /opt/onbld/bin/bfu to /tmp/bfu.3327 Executing /tmp/bfu.3327 -f /export/vconsole-20070612.i386/vconsole-archives-b66 Loading /export/vconsole-20070612.i386/vconsole-archives-b66 on / Creating bfu execution environment ... /tmp/bfu.3327[2366]: /net/onnv.eng/export/gate/public/bin/i386: not found cp: cannot access /net/onnv.eng/export/gate/public/bin/i386/fastfs cannot copy /net/onnv.eng/export/gate/public/bin/i386/fastfs bfu aborting -bash-3.00# Please provide installation steps. regards Dev Mazumdar -- This message posted from opensolaris.org