Yet Another useful paper
The Beach Bum
jfh at rpp386.Dallas.TX.US
Wed Dec 21 10:37:58 AEST 1988
In article <12750 at bellcore.bellcore.com> karn at ka9q.bellcore.com (Phil Karn) writes:
>I too have my doubts about the effectiveness of shadow password files. My
>fear is that it will make administrators complacent; they'll reason that
>since no one can get at the file, then there's no need to ensure on a
>regular basis that people pick hard-to-guess passwords.
I feel that shadow password files [ and I run one here ... ] raise the
amount of desparation required for an attempt to succeed. Now, short of
a physical breakin, one would need to sit at a login prompt for quite some
time before getting a password broken.
Before the user didn't even need a shell login to steal the password file,
a UUCP login would have done. This has been changed ...
--
John F. Haugh II +-Quote of the Week:-------------------
VoiceNet: (214) 250-3311 Data: -6272 |"Unix doesn't have bugs,
InterNet: jfh at rpp386.Dallas.TX.US | Unix is a bug"
UucpNet : <backbone>!killer!rpp386!jfh +-- -- author forgotten --
More information about the Comp.unix.wizards
mailing list