What should the password/security/userinfo/login system include?

Peter da Silva peter at ficc.uu.net
Sat Dec 16 06:02:01 AEST 1989


> We have no extra stuff in our password file for aging.  The age in weeks,
> modulo 64, is encoded into one of the salt characters (perturbed by the
> first two characters of the login name so that salts are still randomly
> distributed; also, the other salt character is still totally random.)

> Nifty, eh?

Nope. Whether it's in another field or hidden in the password is a
difference that makes no difference. And besides, that's not the point.

The subject is... what should the system security system include?

I have four main points:

(a) Files should use ACLs, rather than user/group/other.
(b) Groups are a bad idea and should be abandoned. All they are is
    secondary user ids. Why not put them in the same name space
    as the rest of the user ids?
(c) The password file should just contain:
	login name
	password
	password aging
	user id
	home directory
	secondary user-ids
(d) All other information should be in an easily editable/processable
    format in ~user/.something:
	default shell
	full name
	office
	telephone number
    I'd recommend a format like RFC-822:
	Shell: /bin/csh
	Mailer: /usr/local/lib/deliver
	Name: Peter da Silva
	Office: 2419
	Phone: 5180
	Plan: Replacing MS-DOS with UNIX throughout the company.
	Favorite-pizza: Pepperoni and Pineapple
-- 
`-_-' Peter da Silva. +1 713 274 5180. <peter at ficc.uu.net>.
 'U`  Also <peter at ficc.lonestar.org> or <peter at sugar.lonestar.org>.
"It was just dumb luck that Unix managed to break through the Stupidity Barrier
and become popular in spite of its inherent elegance." -- gavin at krypton.sgi.com
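
Added example, not part of the original post: a minimal Python parser for the RFC-822-style per-user file proposed in point (d), treating the file as untrusted input because the user can edit it. The function names, `ALLOWED_SHELLS`, `MAX_LINE` and the sample text (including the folded `Plan:` line) are assumptions constructed for illustration.

```python
import re

# Constructed sample of the per-user file proposed in point (d).
SAMPLE = """\
Shell: /bin/csh
Mailer: /usr/local/lib/deliver
Name: Peter da Silva
Office: 2419
Phone: 5180
Plan: Replacing MS-DOS with UNIX
 throughout the company.
Favorite-pizza: Pepperoni and Pineapple
"""

# Assumption: the login program accepts only shells from a site list.
ALLOWED_SHELLS = {"/bin/sh", "/bin/csh"}
# RFC 822 field name: printable ASCII without space or colon.
FIELD = re.compile(r"^([!-9;-~]+):[ \t]*(.*)$")
MAX_LINE = 256  # assumed limit, not from the post


def parse_userinfo(text):
    """Parse 'Name: value' fields; the file is user-writable, so be strict."""
    fields, last = {}, None
    for n, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE or re.search(r"[\x00-\x08\x0b-\x1f\x7f]", line):
            raise ValueError(f"line {n}: too long or contains control characters")
        if line[:1] in (" ", "\t"):  # folded continuation of the previous field
            if last is None:
                raise ValueError(f"line {n}: continuation without a field")
            fields[last] += " " + line.strip()
            continue
        m = FIELD.match(line)
        if not m:
            raise ValueError(f"line {n}: not a 'Name: value' field")
        last = m.group(1).lower()  # field names compare case-insensitively
        if last in fields:  # refuse ambiguity instead of picking first or last
            raise ValueError(f"line {n}: duplicate field {last!r}")
        fields[last] = m.group(2).strip()
    return fields


def login_shell(fields, default="/bin/sh"):
    """Honour the user's Shell field only if it is on the allow list."""
    shell = fields.get("shell", default)
    return shell if shell in ALLOWED_SHELLS else default


if __name__ == "__main__":
    info = parse_userinfo(SAMPLE)
    print(login_shell(info), "|", info["plan"])
```

Unknown fields such as `Favorite-pizza` are kept, so the format stays extensible while the one security-relevant field, `Shell`, is checked before use.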


