Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!apple!portal!cup.portal.com!ts
From: ts@cup.portal.com (Tim W Smith)
Newsgroups: comp.unix.sysv386
Subject: Re: SCO Unix password scheme sucks!
Message-ID: <36600@cup.portal.com>
Date: 6 Dec 90 04:09:27 GMT
References: <36535@cup.portal.com>
Distribution: na
Organization: The Portal System (TM)
Lines: 39

> It's called security. I don't know about your site, but some sites have
> to protect against breakins, and that means users have to use reasonable
> passwords, not stupid ones like "a".

I'm not trying to do this as a user. I'm trying to do this as root. I
fear that I did not make this clear in my original posting, as I have
received several email suggestions that I try to set the password while
logged in as root.

>>The stupid thing is not even consistent! It will let me easily create an
>>account with no password, which is a much bigger security problem than what I
>>want to do!
>
>If this is so easy, why put a stupid one-letter password on the account
>at all? Don't say "security," it WON'T be secure.

Some things seem to insist on passwords. For example, I've seen FTP have
trouble dealing with an account with no password. No doubt I did
something wrong when I installed it. I don't care. It works better with
a password, so I want to put a password on my FTP test account.

In general, when I encounter something that wants a password, but for
which I would prefer not to use a password, if the thing shows any
reluctance to work with no password, I use "a" as the password. It's
easy to remember and I'm consistent: I do this on all machines, so I
don't have to remember anything.

I *KNOW* this sucks from a security point of view. I'm not trying to
have security. For example, my network consists of two machines sitting
in my office. There are no outside connections. The entire reason this
network exists is so that I can test the ethernet driver I am
implementing.

My main point is that root should be able to do whatever stupid things
root wants to. The machine can warn root that root is being stupid, but
root should be able to go ahead and be an idiot.

Tim Smith