Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!wuarchive!uwm.edu!genbank!ames!amdahl!twg.com!obelix!warner
From: warner@twg.com (Warner Losh)
Newsgroups: comp.unix.wizards
Subject: Re: What should the password/security/userinfo/login system include?
Message-ID: <88@gollum.twg.com>
Date: 16 Dec 89 23:07:31 GMT
References: <4180@sbcs.sunysb.edu> <1989Dec7.172233.10130@chinet.chi.il.us> <398@bilver.UUCP> <10650@attcan.UUCP>
Sender: news@twg.com
Reply-To: warner@twg.com (Warner Losh)
Distribution: usa
Organization: The Wollongong Group
Lines: 22

In article <10650@attcan.UUCP> ram@attcan.UUCP (Richard Meesters) writes:
>Personally I like the fact that even the superuser doesn't -know- my password.
>True, he can change it to no password, or even any password he wants, but
>unless he can decrypt the file, he couldn't possibly use *my* password. It
>adds a feeling of security on the user's side.

If I'm root, why can't I just say "su ram" and use your account like that?
You would be none the wiser and I'd still get access to your account as you,
without anybody bothering to log that fact anywhere.

Or am I, as usual, missing something terribly fundamental?

Warner

P.S. Don't go yelling at me that you use the same password on all machines,
so you don't want the sysadmin to see it on one. If you are doing this, then
you have created a large security hole. Same thing with .rhosts files.
--
-- Warner Losh warner@twg.com (formerly warner@hydrovax.nmt.edu)
My views and spelling are my own. Only the letters have been changed.
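The P.S. names .rhosts files as a hole of the same kind as a shared password. As an added example (not part of Warner's post), here is a small sh audit that flags the .rhosts entries an admin would want to find first: a "+" wildcard in the host field, a "+" in the user field, or an entry that lets a different login name in as the file's owner. The sample file contents, the owner name "ram" and the host names are constructed for illustration.

```shell
#!/bin/sh
# audit_rhosts FILE OWNER
#   Reads a .rhosts file line by line, prints one "reason: line" per risky
#   entry, and returns 0 if the file is clean, 1 if anything was flagged.
#   .rhosts semantics assumed: "host [user]"; a missing user means the
#   file's owner; "+" in either field is a wildcard.
audit_rhosts() {
    file=$1
    owner=$2
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        # skip blank lines and comments
        case "$line" in ''|'#'*) continue ;; esac
        # split into fields without glob expansion of "*" and friends
        set -f; set -- $line; set +f
        host=$1
        user=${2:-$owner}
        reason=''
        if [ "$host" = '+' ]; then
            reason="any host is trusted"
        elif [ "$user" = '+' ]; then
            reason="any user on $host is trusted"
        elif [ "$user" != "$owner" ]; then
            reason="account $user on $host may log in as $owner"
        fi
        if [ -n "$reason" ]; then
            printf '%s: %s\n' "$reason" "$line"
            findings=$((findings + 1))
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample .rhosts for the account "ram" (not a real file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hosts allowed to rlogin/rsh here without a password
gollum.twg.com ram
+ ram
chinet.chi.il.us +
bilver.UUCP bob
EOF
audit_rhosts "$sample" ram || echo "risky .rhosts entries found"
rm -f "$sample"
```

Run it over every home directory (for example with find on .rhosts files) to get a per-account list of entries worth removing.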