Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!tellab5!chinet!les
From: les@chinet.chi.il.us (Leslie Mikesell)
Newsgroups: comp.unix.wizards
Subject: Re: new password idea
Message-ID: <1991Apr25.154954.14372@chinet.chi.il.us>
Date: 25 Apr 91 15:49:54 GMT
References: <1991Apr24.004539.3881@mp.cs.niu.edu> <14655@ulysses.att.com> <1991Apr25.000323.7702@mp.cs.niu.edu>
Organization: Chinet - Chicago Public Access UNIX
Lines: 28

>>} On some of our non-UNIX systems we use a security package that has
>>} another useful feature: after a certain number of bad passwords are
>>} given consecutively for a logonid, the logonid is suspended.

>>Yup -- it's a great way to lock out the system administrators when
>>you're ready to do some serious monkey business.

I just had an umm... interesting... experience with password aging.
This was on a spare 386 box that had been sitting around for a while
without being turned on. When it started up, fsck complained a bit,
then there were a few error messages from some of the rc files, but
eventually a login prompt came up. I logged in as root and got the
"password has expired, please choose a new one" prompt, but it didn't
wait for me to enter anything before saying that it was changing
root's password, and then it wouldn't let me log in. Then I repeated
the sequence with the only other login that I know for the machine...

It turned out that the machine had come up with something wrong with
/dev/tty and the attempt to open /dev/tty to get the new password had
failed, but the stupid program went ahead and accepted *something* from
the failing read and installed it as the new password for root.

Fun stuff, huh? I happened to have a boot floppy handy and this machine
wasn't needed at the moment anyway, but it would not have been a nice
way to start a day with a few dozen users screaming about having to get
some work done.

Les Mikesell
  les@chinet.chi.il.us
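
The failure described in the post above, as an added example that is not part of the original post or the program it describes: C functions that treat a failed open or read of the terminal as a reason to leave the stored password unchanged. The names get_new_password, read_new_password and read_line, and the PW_MIN/PW_MAX limits, are assumptions made for illustration.

```c
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#define PW_MIN 6    /* assumed policy minimum, not from the post */
#define PW_MAX 64   /* assumed buffer size */

/* Read one newline-terminated line. Returns its length, or -1 on read
 * error, EOF before newline, or overflow; buf is wiped on failure. */
static int read_line(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    char c;
    if (cap == 0) return -1;
    while (read(fd, &c, 1) == 1) {        /* 0 = EOF, -1 = error: stop */
        if (c == '\n') { buf[n] = '\0'; return (int)n; }
        if (n + 1 >= cap) break;          /* too long: reject, never truncate */
        buf[n++] = c;
    }
    memset(buf, 0, cap);
    return -1;
}

/* Read the new password twice from fd. Returns 0 and fills pw only when
 * both reads succeed, the length is at least PW_MIN, and they match. */
int read_new_password(int fd, char *pw, size_t cap)
{
    char again[PW_MAX];
    int ok = read_line(fd, pw, cap) >= PW_MIN
          && read_line(fd, again, sizeof again) >= 0
          && strcmp(pw, again) == 0;
    memset(again, 0, sizeof again);
    if (!ok) memset(pw, 0, cap);
    return ok ? 0 : -1;
}

/* Hypothetical entry point. On -1 the caller must leave the stored
 * password unchanged. Prompting and echo control are omitted. */
int get_new_password(const char *tty_path, char *pw, size_t cap)
{
    int fd = open(tty_path, O_RDWR);
    if (fd < 0) return -1;                /* the failure from the post */
    int rc = isatty(fd) ? read_new_password(fd, pw, cap) : -1;
    close(fd);
    return rc;
}
```

The caller writes the password database only when get_new_password returns 0; every other outcome keeps the existing entry.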