What should the password/security/userinfo/login system include?

[Peter da Silva]

In article <10650 at attcan.UUCP> ram at attcan.UUCP (Richard Meesters) writes:
> Password aging is optional (at least on System V) and, while I don't like it
> any better than you, if the system administrator deems it necessary to keep
> proper security on his machines, then I have no choice but to go along with
> it.  Lets face it, it is more secure than everyone using the same password
> over and over on a number of systems ad infinitum.

Password aging makes it more likely that a user will use the same password
on a large number of machines, simply because it increases the number of
things that user needs to remember.

I change my passwords when *I* need to and have the leisure to.

How about fropping this chain, though. It's a lot less interesting than
some of the more exotic possibilties:

	* Stripping everything from the password file but name, password,
	  user id, and home.
	* Getting rid of the GROUP concept altogether. Replace it with
	  a set of secondary user-ids and ACLs on files.
	* Reading shell, long name, etc from a text file under the
	  user's control.

What else?
-- 
`-_-' Peter da Silva. +1 713 274 5180. <peter at ficc.uu.net>.
 'U`  Also <peter at ficc.lonestar.org> or <peter at sugar.lonestar.org>.
"It was just dumb luck that Unix managed to break through the Stupidity Barrier
and become popular in spite of its inherent elegance." -- gavin at krypton.sgi.com