What should the password/security/userinfo/login system include?

Warner Losh warner at twg.com
Sun Dec 17 10:07:31 AEST 1989


In article <10650 at attcan.UUCP> ram at attcan.UUCP (Richard Meesters) writes:
>Personally I like the fact that even the superuser doesn't -know- my password.
>True, he can change it to no password, or even any password he wants, but
>unless he can decrypt the file, he couldn't possibly use *my* password.  It 
>adds a feeling of security on the user's side.

If I'm root, why can't I just say "su ram" and use your account like
that?  You would be none the wiser and I'd still get access to your
account as you, without anybody bothering to log that fact anywhere.
Or am I, as usual, missing something terribly fundamental?

Warner

P.S.  Don't go yelling at me that you use the same password on all
machines, so you don't want the sysadmin to see it on one.  If you are
doing this, then you have created a large security hole.  Same thing
with .rhosts files.

-- 
Warner Losh	warner at twg.com (formerly warner at hydrovax.nmt.edu)
My views and spelling are my own.  Only the letters have been changed.


