/etc/passwd consolidation

Root Boy Jim rbj at dsys.icst.nbs.gov
Tue Apr 4 08:20:22 AEST 1989


? From: Jeff Makey <Makey at logicon.arpa>

? I hope you have taken into consideration the security risks of using
? the same password on more than one machine, since this must be weighed
? against the convenience of this scheme.

?                            :: Jeff Makey

? Department of Tautological Pleonasms and Superfluous Redundancies Department
?     Disclaimer: Logicon doesn't even know we're running news.
?     Internet: Makey at LOGICON.ARPA    UUCP: {nosc,ucsd}!logicon.arpa!Makey

I must regrettably disagree with my former colleague on the security
risks. It depends on what assumptions you make. If your users use .rhosts,
then one password is actually safer. Multiple passwords give the bad guys
multiple targets, any of which would allow access to all machines.

To answer the guys original question, you can run Yellow Pages if you
have Suns, or people who are tracking Sun's NFS/RPC/XDR networking
software, such as Sequent. However, YP is fraught with it's own problems,
such as not working well with nameservers.

Don Libes <libes at cme.nbs.gov> just posted a network wide password checker
to (whatever they call) net.sources (these days) which might also help.

	Catman Rshd <rbj at nav.icst.nbs.gov>
	Author of "The Daemonic Versions"



More information about the Comp.unix.questions mailing list