What should the password/security/userinfo/login system include?

[Dan Bernstein]

This is rather open-ended. There are hundreds of files dealing with
system administration, user information, user control, and so on. There
are almost as many different programs for interacting with those files,
some more logical and coherently organized than others.

Does /etc/utmp makes sense? Should passwords and usernames be longer?
Should all login sessions be automatically recoverable? What about
Steve Bellovin's session manager? Should passwords be in their own
protected directory, one file per user? What features should the login
program have? Should root have a secure /root directory, with all
interesting files safely tucked away? How should yellow pages work?

I don't know the right phrase to describe what I'm aiming at; ``user
control'' is the best I've come up with. Anyway, we're all so used to a
particular set of user control files and user control programs that we
rarely consider entirely different, perhaps better, systems.

I find myself working (not too strenuously) on a complete redesign of
the user control system. Basically, what d'y'all want in it? I don't
promise to take any particular suggestion, but I'll give credit for new
ideas that I use.

I'll try to archive all responses to this article; please stick to news,
not mail.

---Dan