SCO Unix password scheme sucks!
Kenneth Herron
kherron at ms.uky.edu
Thu Dec 13 01:18:47 AEST 1990
jon at hitachi.uucp (Jon Ryshpan) writes:
>In article <36600 at cup.portal.com> ts at cup.portal.com (Tim W Smith) writes:
No, actually I wrote this paragraph
>>> It's called security. I don't know about your site, but some sites have
>>> to protect against breakins, and that means users have to use reasonable
>>> passwords, not stupid ones like "a".
>SysV Unix (at least Interactive) allows you to create a password
>without numerics or special chars for root or a system account at
>system initialization, but it won't allow a user account to have
>this kind of password.
>Explain that!
I just rlogin'ed to a machine running AT&T SysV/386 3.2.1 and, as root, was
able to apply the password "a" to a previously-unpassworded user account.
Had I logged into this account and then tried to change its password, I
presume I would have had to pick something more complex. We don't have
a system loaded with Interactive (or SCO, for that matter) around here but
I assume they're similar in that root can put any password on any account
but that other users must pick something reasonable. If this is not the
case, then I, personally, do not give a damn.
The point of my original posting was this: If you're going to use
passwords AT ALL then why go with a silly, unsecure one?
--
Kenneth Herron kherron at ms.uky.edu
University of Kentucky (606) 257-2975
Department of Mathematics
I just proved Fermat's last theorem, but .signatures can only be four lines.
More information about the Comp.unix.sysv386
mailing list