Path: utzoo!attcan!uunet!wuarchive!brutus.cs.uiuc.edu!apple!sun-barr!ames!sgi!vjs@rhyolite.wpd.sgi.com
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Newsgroups: comp.sys.sgi
Subject: Re: Problems with remote bru on PI's
Summary: check "system password"
Message-ID: <40925@sgi.sgi.com>
Date: 24 Aug 89 19:15:35 GMT
References: <8908232207.AA26042@dasys1.UUCP>
Sender: vjs@rhyolite.wpd.sgi.com
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 21

In article <8908232207.AA26042@dasys1.UUCP>, rpaul@dasys1.UUCP (Rod Paul) writes:
> Remove the passwd field in the guest account on the remote machine.
> SGI is aware of the problem (not to say the security risk). I suggest
> not going this route if you have a modem on the remote machine.


A "system password" for lines with modems seems like a good idea.  As long
as the system password is strong enough, one needn't worry about passwords
on other accounts.  (The cryptographic strength of two passwords is not
significantly better than one.)

Not having a system password makes user names like "diag", "setup", and
"root" worrisome, if you have any incoming modems.

Everyone no doubt recalls that a "system password" can be specified
with /etc/d_passwd and /etc/dialups.


Vernon Schryver
Silicon Graphics
vjs@sgi.com