Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!wuarchive!texbell!sugar!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <7284@ficc.uu.net>
Date: 13 Dec 89 15:30:19 GMT
References: <4180@sbcs.sunysb.edu> <1989Dec7.172233.10130@chinet.chi.il.us> <398@bilver.UUCP> <10650@attcan.UUCP>
Reply-To: peter@ficc.uu.net (Peter da Silva)
Distribution: usa
Organization: Xenix Support, FICC
Lines: 29

In article <10650@attcan.UUCP> ram@attcan.UUCP (Richard Meesters) writes:
> Password aging is optional (at least on System V) and, while I don't like it
> any better than you, if the system administrator deems it necessary to keep
> proper security on his machines, then I have no choice but to go along with
> it. Let's face it, it is more secure than everyone using the same password
> over and over on a number of systems ad infinitum.

Password aging makes it more likely that a user will use the same password
on a large number of machines, simply because it increases the number of
things that user needs to remember. I change my passwords when *I* need to
and have the leisure to.

How about dropping this chain, though. It's a lot less interesting than some
of the more exotic possibilities:

	* Stripping everything from the password file but name, password,
	  user id, and home.

	* Getting rid of the GROUP concept altogether. Replace it with a
	  set of secondary user-ids and ACLs on files.

	* Reading shell, long name, etc from a text file under the user's
	  control.

What else?
-- 
`-_-' Peter da Silva. +1 713 274 5180. .
 'U`  Also or .
"It was just dumb luck that Unix managed to break through the Stupidity Barrier
and become popular in spite of its inherent elegance." -- gavin@krypton.sgi.com