Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!psuvax1!brutus.cs.uiuc.edu!wuarchive!texbell!ficc!peter
From: peter@ficc.uu.net (Peter da Silva)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <7322@ficc.uu.net>
Date: 15 Dec 89 19:02:01 GMT
References: <4180@sbcs.sunysb.edu> <1989Dec7.172233.10130@chinet.chi.il.us> <7284@ficc.uu.net> <10665@unix.UUCP> <7311@ficc.uu.net> <6602@jpl-devvax.JPL.NASA.GOV>
Reply-To: peter@ficc.uu.net (Peter da Silva)
Distribution: usa
Organization: Xenix Support, FICC
Lines: 44

> We have no extra stuff in our password file for aging. The age in weeks,
> modulo 64, is encoded into one of the salt characters (perturbed by the
> first two characters of the login name so that salts are still randomly
> distributed; also, the other salt character is still totally random.)

> Nifty, eh?

Nope. Whether it's in another field or hidden in the password is a
difference that makes no difference. And besides, that's not the point.

The subject is... what should the system security system include?

I have four main points:

(a) Files should use ACLs, rather than user/group/other.

(b) Groups are a bad idea and should be abandoned. All they are is
    secondary user ids. Why not put them in the same name space as
    the rest of the user ids?

(c) The password file should just contain:
        login name
        password
        password aging
        user id
        home directory
        secondary user-ids

(d) All other information should be in an easily editable/processable
    format in ~user/.something:
        default shell
        full name
        office
        telephone number

I'd recommend a format like RFC-822:

    Shell: /bin/csh
    Mailer: /usr/local/lib/deliver
    Name: Peter da Silva
    Office: 2419
    Phone: 5180
    Plan: Replacing MS-DOS with UNIX throughout the company.
    Favorite-pizza: Pepperoni and Pineapple

--
`-_-' Peter da Silva. +1 713 274 5180. .
 'U`  Also or .
"It was just dumb luck that Unix managed to break through the Stupidity Barrier and become popular in spite of its inherent elegance." -- gavin@krypton.sgi.com
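
Added example, not part of the original post: a Python reader for the RFC-822-style ~user/.something file proposed in point (d). The sample file (with a folded Plan line), the function names and the allowed-shell list are assumptions; because the file is editable by its owner, the Shell value is treated as untrusted and checked against that list before use.

```python
import re

# Constructed sample in the layout the post proposes for ~user/.something.
SAMPLE = """\
Shell: /bin/csh
Mailer: /usr/local/lib/deliver
Name: Peter da Silva
Office: 2419
Phone: 5180
Plan: Replacing MS-DOS with UNIX
 throughout the company.
Favorite-pizza: Pepperoni and Pineapple
"""

# Assumption: stand-in for the system's list of permitted login shells.
ALLOWED_SHELLS = {"/bin/sh", "/bin/csh"}
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$")


def parse_userinfo(text):
    """Parse RFC-822-style fields; names are case-insensitive, no duplicates."""
    fields, last = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            break                      # blank line ends the field block
        if raw[0] in " \t":            # folded continuation of previous field
            if last is None:
                raise ValueError("continuation before any field")
            fields[last] += " " + raw.strip()
            continue
        m = FIELD.match(raw)
        if m is None:
            raise ValueError("malformed line: %r" % raw)
        last = m.group(1).lower()
        if last in fields:             # ambiguous input is rejected, not guessed
            raise ValueError("duplicate field: %s" % last)
        fields[last] = m.group(2).strip()
    return fields


def login_shell(fields, default="/bin/sh"):
    """Use the user's Shell only if it is on the allowed list."""
    shell = fields.get("shell", default)
    return shell if shell in ALLOWED_SHELLS else default
```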