Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!brutus.cs.uiuc.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.questions
Subject: Re: passwd access method?
Message-ID: <1990Aug28.004236.328@mp.cs.niu.edu>
Date: 28 Aug 90 00:42:36 GMT
References: <14920004@hpdmd48.boi.hp.com>
Organization: Northern Illinois University
Lines: 33

In article <14920004@hpdmd48.boi.hp.com> markw@hpdmd48.boi.hp.com (Mark Wolfe) writes:
>
> As a part of beefing up security on the machines I administer, I'm working
>on implementing password aging. In order to simplify the process, I wrote a
>
> My question is this:
> Is there a proper way to access the passwd file to insure file integrity and
>security? I use the lockf call to reduce the chance of simultaneous access doing

Before you worry about locking the passwd file, why don't you work on the
more important problems:

1. Making sure the user doesn't just choose the same password again.

2. Ensuring that the user doesn't change to a different password, then
   immediately change back to the original.

3. Making sure that the user doesn't write down his/her new password, just
   in case it is forgotten.

4. Making sure that the user doesn't select an easy to guess password,
   because with all the forced password changes he/she has run out of good
   ideas for hard to guess passwords.

5. Making sure that the user doesn't login from a PC terminal emulator,
   with an automatic login script, and with his password there on the PC
   where anyone with access to the PC can get it.

I guess it is hopeless. People will continue to come up with technical
solutions to the problem which fail to take into account the real source of
security weaknesses - human psychology.

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115. +1-815-753-6940