Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!ukma!kherron From: kherron@ms.uky.edu (Kenneth Herron) Newsgroups: comp.unix.sysv386 Subject: Re: SCO Unix password scheme sucks! Message-ID: Date: 4 Dec 90 14:28:09 GMT References: <36535@cup.portal.com> Distribution: na Organization: U of Ky, Math. Sciences, Lexington KY Lines: 34 Tim, Did you know that they make coffee with all the caffeine taken out? Try some, I think you'll feel better. >Why does this system insist that it knows better than I do what passwords >should be used on *MY* machine? This is most annoying. I have an account >that I want to set the password for to the single letter 'a'. It's called security. I don't know about your site, but some sites have to protect against breakins, and that means users have to use reasonable passwords, not stupid ones like "a". If your site is secure against breakins then you just replace the console getty with a shell and avoid the whole login process. Or replace passwd with /bin/true and avoid password checking. >The stupid thing is not even consistent! It will let me easily create an >account with no password, which is a much bigger security problem than what I >want to do! If this is so easy, why put a stupid one-letter password on the account at all? Don't say "security," it WON'T be secure. >Am I going to have to resort to editing the encrypted password >myself? Yeah, you go do that. -- Kenneth Herron kherron@ms.uky.edu University of Kentucky (606) 257-2975 Department of Mathematics "Never trust gimmicky gadgets" -- The Doctor