Path: utzoo!attcan!uunet!husc6!think!ames!pasteur!agate!ucbvax!UC.MSC.UMN.EDU!slevy
From: slevy@UC.MSC.UMN.EDU ("Stuart Levy")
Newsgroups: comp.protocols.tcp-ip
Subject: Re: password aging (from worm discussion)
Message-ID: <8811181630.AA10668@uc.msc.umn.edu>
Date: 18 Nov 88 15:30:41 GMT
Sender: usenet@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 20

> From: Barry Shein
> Although I support the other proposals I will argue that shadow
> password files are a bad idea ...
> It means that if, for any reason, you believe your password file has
> been let out you will have to admit that your security is compromised
> and, for starters, have everyone change their password ...
> You're turning the file into pure gold.

I don't understand this; could you explain further?

Shadow password files aren't intended to contain clear passwords; they'd
hold encrypted ones just as they do now.  Using them would just impede
people from casually picking up the file and trying passwords without
going through login etc.

But even if someone did capture a copy of a shadow pw file, you'd only be
in the same situation you always were when /etc/passwd contained passwds.
So is it really the kind of catastrophe you suggest?

	Stuart Levy
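The distinction the post turns on is offline versus online guessing: a hash sitting in a world-readable /etc/passwd can be attacked by anyone who can read the file, with no login attempt, lockout or log line, while a shadow file only changes who can read the hash. The following is an added illustration, not code from the post or from any 1988 system. It models three captures an attacker might make: an old-style passwd with hashes in it, a shadowed passwd alone (password field is "x"), and a shadowed passwd together with a leaked shadow file. The accounts, salts, passwords and word list are constructed, and toy_crypt is a stand-in for crypt(3) that keeps only its storage shape (two-character salt prefix, then the hash); it is not the DES-based algorithm.

```python
import hashlib

# Constructed word list an attacker might try first.
WORDLIST = ["password", "letmein", "wombat", "secret"]


def toy_crypt(password, salt):
    """Stand-in for crypt(3): 2-char salt prefix + truncated salted SHA-256.

    Real crypt(3) is DES-based; this only mimics its stored form, where the
    salt is the first two characters of the string in the password field.
    """
    if len(salt) != 2:
        raise ValueError("salt must be two characters, as in crypt(3)")
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest[:11]


def parse_passwd(text):
    """Return {user: password_field} from 7-field passwd lines."""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("malformed passwd line: %r" % line)
        entries[fields[0]] = fields[1]
    return entries


def parse_shadow(text):
    """Return {user: hash} from shadow lines (name:hash:lastchg:...)."""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError("malformed shadow line: %r" % line)
        entries[fields[0]] = fields[1]
    return entries


def collect_hashes(passwd_fields, shadow_hashes=None):
    """Pick out the hashes an attacker holding these files can attack.

    'x' means the hash lives in shadow (attackable only if shadow was also
    captured); '*' or a leading '!' marks a locked account with no hash.
    """
    targets = {}
    for user, field in passwd_fields.items():
        if field == "x":
            field = (shadow_hashes or {}).get(user)
            if field is None:
                continue  # shadow not captured: nothing to guess against
        if field in ("", "*") or field.startswith("!"):
            continue
        targets[user] = field
    return targets


def crack(targets, wordlist=WORDLIST):
    """Offline guessing: salt read from the stored string, each candidate
    hashed with it and compared. Nothing here touches login."""
    found = {}
    for user, stored in targets.items():
        salt = stored[:2]
        for word in wordlist:
            if toy_crypt(word, salt) == stored:
                found[user] = word
                break
    return found


# Constructed accounts: alice chose a dictionary word, bob did not.
ALICE_HASH = toy_crypt("wombat", "aZ")
BOB_HASH = toy_crypt("Xq7!kLp2", "m3")

# 1988-style passwd: hashes sit in the world-readable file.
OLD_PASSWD = """root:*:0:0:root:/:/bin/sh
alice:%s:100:10:Alice:/u/alice:/bin/csh
bob:%s:101:10:Bob:/u/bob:/bin/csh
""" % (ALICE_HASH, BOB_HASH)

# Shadowed layout: passwd carries 'x', the root-only shadow carries the hash.
SHADOWED_PASSWD = """root:x:0:0:root:/:/bin/sh
alice:x:100:10:Alice:/u/alice:/bin/csh
bob:x:101:10:Bob:/u/bob:/bin/csh
"""
SHADOW = """root:*:6895::::::
alice:%s:6895::::::
bob:%s:6895::::::
""" % (ALICE_HASH, BOB_HASH)


def demo():
    """What each capture yields: (old passwd, passwd with 'x', passwd + shadow)."""
    old_style = crack(collect_hashes(parse_passwd(OLD_PASSWD)))
    passwd_only = crack(collect_hashes(parse_passwd(SHADOWED_PASSWD)))
    passwd_and_shadow = crack(collect_hashes(parse_passwd(SHADOWED_PASSWD),
                                             parse_shadow(SHADOW)))
    return old_style, passwd_only, passwd_and_shadow


if __name__ == "__main__":
    labels = ("old passwd", "passwd with 'x'", "passwd + leaked shadow")
    for label, result in zip(labels, demo()):
        print("%-22s -> %s" % (label, result))
```

Running it shows the same weak password recovered from the old passwd and from the leaked shadow file, and nothing at all from the shadowed passwd on its own, which is the point of the reply: a shadow file leak puts you back where an unshadowed /etc/passwd always left you, no worse.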