Security Problem?
chris at umcp-cs.UUCP
chris at umcp-cs.UUCP
Fri Jul 1 13:07:59 AEST 1983
From: Greg Skinner <EE.GDS%MIT-OZ at mit-mc>
Some users stupidly have login and password names the same.
This happens often when accounts are newly created and the user
is not present at the creation time.
If any sites would like to fix that, I have a program called
``newacct'' which is intended to be run by the user getting the
account. It reads the login name, full name, passwd, etc, and
constructs a mail message (to "mark", but that's a #define) with a
nicely complete passwd file entry. No one ever gets to actually see
the pasword typed; once the password has been accepted the encrypted
one is displayed. It even has a verfiy-password procedure (which
currently just checks the length of the password). It uses my windows
library, which I'm starting to send to net.sources (I sent
documentation early this morning). With a small modification to the
password-verifier you'd have a ``secure'' system. ('A course, ya still
need to change the password-change-program.)
If you want newacct, send me mail. If enough people want it I'll post
it to net.sources.
- Chris
--
UUCP: {seismo,allegra,brl-bmd}!umcp-cs!chris
CSNet: chris at umcp-cs
ARPA: chris.umcp-cs at UDel-Relay
More information about the Comp.unix.wizards
mailing list