What should the password/security/userinfo/login system include?
Richard Meesters
ram at attcan.UUCP
Fri Dec 15 01:34:18 AEST 1989
In article <7284 at ficc.uu.net>, peter at ficc.uu.net (Peter da Silva) writes:
> Password aging makes it more likely that a user will use the same password
> on a large number of machines, simply because it increases the number of
> things that user needs to remember.
>
Huh? Maybe I'm not reading this right. Users will naturally gravitate to
using the same password on multiple systems, IMHO, for the same reasons you
have listed above. If password aging is used, that forces them to at least
change them once in a while.
> I change my passwords when *I* need to and have the leisure to.
So do I. I've even been known to use abusive passwords when the system makes
me change. Somehow that makes me feel better :-}.
>
> How about fropping this chain, though. It's a lot less interesting than
> some of the more exotic possibilties:
>
> * Stripping everything from the password file but name, password,
> user id, and home.
This looks a lot like what 386 unix already does with /etc/shadow and the
password file.
Regards,
Richard Meesters
More information about the Comp.unix.wizards
mailing list