SCO Unix password scheme sucks!

Tim W Smith ts at cup.portal.com
Thu Dec 6 15:09:27 AEST 1990


> It's called security.  I don't know about your site, but some sites have
> to protect against breakins, and that means users have to use reasonable
> passwords, not stupid ones like "a".  

I'm not trying to do this as a user.  I'm trying to do this as root.
I fear that I did not make this clear in my original posting, as I
have received several email suggestions that I try to set the password
while logged in as root.

>>The stupid thing is not even consistent!  It will let me easily create an 
>>account with no password, which is a much bigger security problem than what I 
>>want to do!
>
>If this is so easy, why put a stupid one-letter password on the account
>at all?  Don't say "security," it WON'T be secure.

Some things seem to insist on passwords.  For example, I've seen FTP
have trouble dealing with an account with no password.  No doubt I
did something wrong when I installed it.  I don't care.  It works
better with a password, so I want to put a password on my FTP
test account.

In general, when I encounter something that wants a password, but
for which I would prefer not to use a password, if the thing shows
any reluctance to work with no password, I use "a" as the password.
It's easy to remember and I'm consistent: I do this on all machines,
so I don't have to remember anything.

I *KNOW* this sucks from a security point of view.  I'm not trying
to have security.  For example, my network consists of two machines
sitting in my office.  There are no outside connections.  The entire
reason this network exists is so that I can test the ethernet driver
I am implementing.

My main point is that root should be able to do whatever stupid
things root wants to.  The machine can warn root that root is
being stupid, but root should be able to go ahead and be an idiot.

						Tim Smith



More information about the Comp.unix.sysv386 mailing list