Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!umich!samsung!brutus.cs.uiuc.edu!psuvax1!psuvm!DDATHD21!XBR1D65W
From: XBR1D65W@DDATHD21.BITNET (HAJO SCHMITT)
Newsgroups: bit.listserv.novell
Subject: RE:passwords getting lost ..
Message-ID: <NOVELL%90020210122552@SUVM.BITNET>
Date: 2 Feb 90 16:57:18 GMT
Sender: Novell LAN Interest Group <NOVELL@SUVM>
Reply-To: Novell LAN Interest Group <NOVELL@SUVM>
Lines: 19
Approved: NETNEWS@PSUVM Gateway
X-VMS-To: X%"novell@suvm"
Comments:     Warning -- original Sender: tag was

We have the same problem with "lost passwords" on a 2.15 Rev.  A server.
Even if the "Password required" flag is set, the user can log in without
even be asked for a password.
The problem occurs after we entered 350 users with MAKEUSER and the
expiration date has been encountered. (First i wan't beleive students
telling me, that they can log in without passwords). The error
doesn't occur on every account.

The only fix of the problem til now: enter SYSCON, set the password
required flag to NO and back to YES (manualy!). After doing so the
security mechanism works as it should.

I believe this is a severe security problem and Novell should fix it.


Hans-Jochen Schmitt
Technical University Darmstadt

West-Germany