Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!mips!pacbell.com!tandem!zorch!ditka!mcdchg!ddsw1!learn
From: learn@ddsw1.MCS.COM (William Vajk)
Newsgroups: comp.org.eff.talk
Subject: Re: Allow students to run password guessers?
Message-ID: <1991Jun28.033536.10048@ddsw1.MCS.COM>
Date: 28 Jun 91 03:35:36 GMT
References: <1991Jun22.234109.25051@athena.cs.uga.edu> <1991Jun23.231749.25498@murdoch.acc.Virginia.EDU> <1991Jun24.041435.5423@athena.cs.uga.edu>
Organization: Dares No Organization Like Dis Organization
Lines: 36

In article <1991Jun24.041435.5423@athena.cs.uga.edu> Michael Covington writes:

>In article <231749.25498@murdoch.acc.Virginia.EDU> Greg Lindahl writes:

>>In article <234109.25051@athena.cs.uga.edu> Michael A. Covington writes:

>>>a sysadmin cannot investigate "intent" every time an alarm goes off.

>>Especially when your idea of an alarm is: OH MY GOD! THEY'RE RUNNING COPS!
>>I have yet to have an alarm go off, because I've tested the security
>>of my system and I'm not paranoid.

>This is getting ridiculous. Our policy is that students are *not* allowed
>to obtain passwords without the consent of the password owner, by any means
>whatever.

Of course it is getting ridiculous. You have policies for everything besides choice in passwords?

If the system administrator does his job and runs cops, or more advanced renditions of the theme, then the problem is no longer a problem. If the system administrator installs the shadow password software, then the problem no longer exists at all.

Greg runs password checkers himself on system(s) he administers. I do too. Then it no longer matters whether the student runs cops or similar software.

It seems as though you're willing to stand there and defend that /etc/passwd file with a pick handle (shades of Lester Maddox, dontcha know) instead of closing that hole as a prudent man would do.

Bill Vajk