'passwd' at athena.mit.edu (was "Re: unsub")

Fri Apr 28 20:16:34 AEST 1989

In article <10896 at bloom-beacon.MIT.EDU> orionel at athena.mit.edu writes:
>I have a small problem. I just finished reading a unix book in which
>certain instructions were given to create a new password for a user in
>case they forgot their old one.

Apparently the unix book didn't explain the "man" command to you.  The
Athena passwd command is not the same as the BSD Unix passwd command;
it modifies kerberos passwords. not Unix passwords.  "passwd.real" is
the program on Athena which modifies local workstation passwords as
described in standard Unix documentation.

>Of course only a super user can execute these instructions (which I am)

Well, gee, you managed to find out the highly guarded super-user
password of the workstations at Project Athena.  Our workstation root
password, for those of you who are curious, is 'mrroot.'  It is
publicly available -- consultants give it out constantly so users can
fix minor problems on their workstations.  It's possible for us to do
this because root on our workstations isn't trusted anywhere except on
the workstation -- kerberos is used for all network authentication.
Further, the worst thing a user with root on a workstation can do is
screw it up enough that the software needs to be reloaded -- that
takes about twenty minutes for an operations staffperson.  That
problem will soon be eliminated as well, when we move to a read-only
root; but that's another issue.

># passwd roxanne
>New password: stoopid
>Retype new password: stoopid
>#

Gee, looks like you're trying to change someone else's password.
That's a no-no.  Unless, of course, you have her permission....

>Thats the way its supposto work. To change user roxanne password
>instead I get
>
># passwd roxanne
>Usage: passwd [-name name] [-inst inst]

Precisely for the reason described above -- the syntax is different so
that you don't confuse it with standard Unix passwd.  Furthermore, the
theory is that if you are an advanced enough user on Athena to be
changing someone else's password, you'll understand, or at least how
to use "man" or "olc" (On-Line Consulting, our consulting system).

Apparently, the theory is wrong.

>What is wrong???
>
>orionel at athena.mit.edu

You're confused.

If someone forgets their password at Athena, they need to talk to the
accounts administrator to get it changed to something new.  We don't
give random users the access to change other people's Kerberos
passwords.  Try using olc, or perhaps try reading some Athena
documentation, rather than posting questions to comp.unix.wizards with
which no one outside of Athena is going to be able to help you.

Jonathan Kamens			              USnail:
MIT Project Athena				410 Memorial Drive, No. 223F
jik at Athena.MIT.EDU				Cambridge, MA 02139-4318
Office: 617-253-4261			      Home: 617-225-8218

P.S. Athena is anything but a normal Unix timesharing system.  If you
have questions about Athena, try finding them out inside Athena first.