Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!wuarchive!emory!gatech!ukma!kherron From: kherron@ms.uky.edu (Kenneth Herron) Newsgroups: comp.unix.sysv386 Subject: Re: SCO Unix password scheme sucks! Message-ID: Date: 12 Dec 90 14:18:47 GMT References: <36535@cup.portal.com> <36600@cup.portal.com> <662@hitachi.uucp> Distribution: na Organization: U of Ky, Math. Sciences, Lexington KY Lines: 33 jon@hitachi.uucp (Jon Ryshpan) writes: >In article <36600@cup.portal.com> ts@cup.portal.com (Tim W Smith) writes: No, actually I wrote this paragraph >>> It's called security. I don't know about your site, but some sites have >>> to protect against breakins, and that means users have to use reasonable >>> passwords, not stupid ones like "a". >SysV Unix (at least Interactive) allows you to create a password >without numerics or special chars for root or a system account at >system initialization, but it won't allow a user account to have >this kind of password. >Explain that! I just rlogin'ed to a machine running AT&T SysV/386 3.2.1 and, as root, was able to apply the password "a" to a previously-unpassworded user account. Had I logged into this account and then tried to change its password, I presume I would have had to pick something more complex. We don't have a system loaded with Interactive (or SCO, for that matter) around here but I assume they're similar in that root can put any password on any account but that other users must pick something reasonable. If this is not the case, then I, personally, do not give a damn. The point of my original posting was this: If you're going to use passwords AT ALL then why go with a silly, unsecure one? -- Kenneth Herron kherron@ms.uky.edu University of Kentucky (606) 257-2975 Department of Mathematics I just proved Fermat's last theorem, but .signatures can only be four lines.