new password idea
Leslie Mikesell
les at chinet.chi.il.us
Fri Apr 26 01:49:54 AEST 1991
>>} On some of our non-UNIX systems we use a security package that has
>>} another useful feature: after a certain number of bad passwords are
>>} given consecutively for a logonid, the logonid is suspended.
>>Yup -- it's a great way to lock out the system administrators when
>>you're ready to do some serious monkey business.
I just had an umm... interesting... experience with password aging. This
was on a spare 386 box that had been sitting around for a while without
being turned on. When it started up, fsck complained a bit, then there
were a few error messages from some of the rc files, but eventually
a login prompt came up. I logged in as root and got the "password has
expired, please choose a new one" prompt, but it didn't wait for me
to enter anything before saying that it was changing root's password,
and then it wouldn't let me log in. Then I repeated the sequence with
the only other login that I know for the machine...
It turned out that the machine had come up with something wrong with
/dev/tty and the attempt to open /dev/tty to get the new password had
failed, but the stupid program went ahead and accepted *something* from
the failing read and installed it as the new password for root.
Fun stuff, huh?
I happened to have a boot floppy handy and this machine wasn't needed
at the moment anyway, but it would not have been a nice way to start
a day with a few dozen users screaming about having to get some work
done.
Les Mikesell
les at chinet.chi.il.us
More information about the Comp.unix.wizards
mailing list