Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!mcsun!sunic!liuida!isy!news
From: pen@elinor.lysator.liu.se (Peter Eriksson)
Newsgroups: comp.os.misc
Subject: Re: The value of QNX
Keywords: IBMPC/AT/386, Distributed.
Message-ID: <1990Jan11.144750.11631@isy.liu.se>
Date: 11 Jan 90 14:47:50 GMT
References: <3528@zorba.Tynan.COM> <2525@softway.oz>
Sender: news@isy.liu.se (Lord of the News)
Reply-To: pen@elinor.lysator.liu.se
Organization: Dept of EE, University of Linkoping
Lines: 20

gary@softway.oz (Gary Corby) writes:

>ant@batserver.cs.uq.oz.au (Anthony Murdoch) writes:

>QNX does not have a setuid bit.  Processes such as login can read the 
>password file but unless the system manager is crazy no normal user can
>read the contents.  This feels very weird after being able to read 
>/etc/passwd on UNIX.  Because the password file is not public the user
>passwords are entered in clear text.

And since the password file isn't public, the normal user cannot change
his password at will, and the sysop will know all users passwords. This 
I didn't like at all, so I wrote a login server that took care of the
passwords for the users and store them in a non-reverseable encrypted
format. By using the server, anybody can now change their password
at will, and the sysop will not be able to find out the individual
passwords. Incase anybody is interrested in this program, please
let me know.

/* Peter Eriksson (InterNet: pen@elinor.lysator.liu.se) */