Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site ki4pv.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxt!houxm!vax135!petsd!peora!ucf-cs!ki4pv!tanner From: tanner@ki4pv.UUCP (Tanner Andrews) Newsgroups: net.unix-wizards Subject: Re: Another reason why a few sources should come with binary licenses Message-ID: <455@ki4pv.UUCP> Date: Wed, 4-Sep-85 11:55:39 EDT Article-I.D.: ki4pv.455 Posted: Wed Sep 4 11:55:39 1985 Date-Received: Sat, 7-Sep-85 05:49:53 EDT References: <1149@brl-tgr.ARPA> Organization: CompuData South, DeLand Lines: 22 ] few progs need to see encrypted passwords in /etc/passwd, /etc/group ] therefore, have non-readable pw file containing this info. Login, passwd, newgrp, and su are the main progs which require this information. However, in many cases, the password in /etc/passwd may be used by some program that wants to be sure that the person using it is really who we think it is. Any prog may wish this information. A database maintainer (real or game) may wish to protect certain functions by requiring a password which is matched against some /etc/passwd encrypted string. This is certainly a way offered by the documents to verify a person's identity. As for the "dictionary" testing: have a daemon go through there each weekend, and flag those passwords that it can guess. Have the "passwd" prog use the dictionary and reject any passwords it finds there. Have a bulletin printed for your new users advising them that it is bad form to use real words. -- Tanner Andrews, KI4PV uucp: ...!decvax!ucf-cs!ki4pv!tanner