Path: utzoo!attcan!ram
From: ram@attcan.UUCP (Richard Meesters)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <10665@unix.UUCP>
Date: 14 Dec 89 14:34:18 GMT
References: <4180@sbcs.sunysb.edu> <1989Dec7.172233.10130@chinet.chi.il.us> <7284@ficc.uu.net>
Distribution: usa
Organization: AT&T Canada Inc., Toronto
Lines: 28

In article <7284@ficc.uu.net>, peter@ficc.uu.net (Peter da Silva) writes:
> Password aging makes it more likely that a user will use the same password
> on a large number of machines, simply because it increases the number of
> things that user needs to remember.
>

Huh? Maybe I'm not reading this right. Users will naturally gravitate to
using the same password on multiple systems, IMHO, for the same reasons you
have listed above. If password aging is used, that forces them to at least
change them once in a while.

> I change my passwords when *I* need to and have the leisure to.

So do I. I've even been known to use abusive passwords when the system makes
me change. Somehow that makes me feel better :-}.

>
> How about fropping this chain, though. It's a lot less interesting than
> some of the more exotic possibilities:
>
> * Stripping everything from the password file but name, password,
> user id, and home.

This looks a lot like what 386 unix already does with /etc/shadow and the
password file.

Regards,
Richard Meesters