Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!umich!samsung!brutus.cs.uiuc.edu!psuvax1!psuvm!UCLAAIS!LSRGS
From: LSRGS@UCLAAIS.BITNET (Glenn Scott)
Newsgroups: bit.listserv.novell
Subject: Re: RE:passwords getting lost ..
Message-ID: <NOVELL%90020515082059@SUVM.BITNET>
Date: 5 Feb 90 20:07:00 GMT
Sender: Novell LAN Interest Group <NOVELL@SUVM>
Reply-To: Novell LAN Interest Group <NOVELL@SUVM>
Lines: 29
Approved: NETNEWS@PSUVM Gateway

> We have the same problem with "lost passwords" on a 2.15 Rev.  A server.
> Even if the "Password required" flag is set, the user can log in without
> even be asked for a password.

> The problem occurs after we entered 350 users with MAKEUSER and the
> expiration date has been encountered.
>

        That *must* be the culprit... MAKEUSER.  We did the same
        thing... installed a server and created a couple hundred
        accounts.

> The only fix of the problem til now: enter SYSCON, set the password
> required flag to NO and back to YES (manualy!). After doing so the
> security mechanism works as it should.

        We tried this and it seems to be working.
>
> I believe this is a severe security problem and Novell should fix it.
>

       You better believe it is!  Anyone else have this problem?
       I mean, anytime a system just "loses" passwords it makes
       me start to squirm.  What bugs me even more is my users
       weren't telling me!  I think they thought it was some kind
       of benefit!  Argh!

Glenn Scott
Honors and Undergraduate Programs / Info Services