Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uflorida!haven!adm!xadmx!rbj@dsys.icst.nbs.gov
From: rbj@dsys.icst.nbs.gov (Root Boy Jim)
Newsgroups: comp.unix.questions
Subject: /etc/passwd consolidation
Message-ID: <18929@adm.BRL.MIL>
Date: 3 Apr 89 22:20:22 GMT
Sender: news@adm.BRL.MIL
Lines: 27

? From: Jeff Makey <Makey@logicon.arpa>

? I hope you have taken into consideration the security risks of using
? the same password on more than one machine, since this must be weighed
? against the convenience of this scheme.

?                            :: Jeff Makey

? Department of Tautological Pleonasms and Superfluous Redundancies Department
?     Disclaimer: Logicon doesn't even know we're running news.
?     Internet: Makey@LOGICON.ARPA    UUCP: {nosc,ucsd}!logicon.arpa!Makey

I must regrettably disagree with my former colleague on the security
risks. It depends on what assumptions you make. If your users use .rhosts,
then one password is actually safer. Multiple passwords give the bad guys
multiple targets, any of which would allow access to all machines.

To answer the guys original question, you can run Yellow Pages if you
have Suns, or people who are tracking Sun's NFS/RPC/XDR networking
software, such as Sequent. However, YP is fraught with it's own problems,
such as not working well with nameservers.

Don Libes <libes@cme.nbs.gov> just posted a network wide password checker
to (whatever they call) net.sources (these days) which might also help.

	Catman Rshd <rbj@nav.icst.nbs.gov>
	Author of "The Daemonic Versions"