Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!pasteur!helios.ee.lbl.gov!nosc!logicon.arpa!Makey
From: Makey@LOGICON.ARPA (Jeff Makey)
Newsgroups: comp.unix.questions
Subject: Re: /etc/passwd consolidation
Message-ID: <413@logicon.arpa>
Date: 13 Apr 89 00:48:41 GMT
References: <18929@adm.BRL.MIL>
Organization: Logicon, Inc., San Diego, CA
Lines: 20

In article <18929@adm.BRL.MIL> rbj@dsys.icst.nbs.gov (Root Boy Jim) writes:
>? From: Jeff Makey <Makey@logicon.arpa>
>?
>? I hope you have taken into consideration the security risks of using
>? the same password on more than one machine, since this must be weighed
>? against the convenience of this scheme.
>
>If your users use .rhosts,
>then one password is actually safer. Multiple passwords give the bad guys
>multiple targets, any of which would allow access to all machines.

Agreed.  If you are willing to let a breach of security on one machine
lead trivially to breaches of other machines, then by all means stick
to a single difficult-to-guess password and .rhosts files.

                           :: Jeff Makey

Department of Tautological Pleonasms and Superfluous Redundancies Department
    Disclaimer: Logicon doesn't even know we're running news.
    Internet: Makey@LOGICON.ARPA    UUCP: {nosc,ucsd}!logicon.arpa!Makey