Multiple Root ID's considered evil?
Blair P. Houghton
bph at buengc.BU.EDU
Sat Sep 16 07:13:40 AEST 1989
In article <347 at galadriel.bt.co.uk> pcf at galadriel.bt.co.uk (Pete French) writes:
>From article <435 at lxn.eds.com>, by bill at lxn.eds.com (Bill Doviak):
>>
>> After checking both PASSWD(4) and PASSWD(1), I can't determine the
>>signifcance of an asterisk in the password field unless you wish to
>>prevent logins entirely for that account. Is this the intention or is
>>there some other purpose for the "*"?
>
>Yup - you gotit !
>
>The star is 'traditional' for some reason. technically known as being
>'starred out'.
But, and this is important, it's not perfect, or even very close.
With a * in the password field, and a hostname in his .rhosts, a user
can log in without a password from that "trusted" host.
Make up your own method to fix this. I think I'll just rot13 the .rhosts
of people who "don't need" their access, after starring them out.
--Blair
"Speaking from experience, of course..."
More information about the Comp.unix.wizards
mailing list