Unix userid conventions
Mike Muuss
mike at BRL.ARPA
Tue Mar 10 14:19:53 AEST 1987
BRL UNIX Release #3 and beyond have a variety of improvements to
the security mechanisms of UNIX, especially in LOGIN, where
stricter logging/disconnect policies are implemented, and in
PASSWD, where user-selected passwords must clear dictionary lookups,
local dictionary lookups, and a local administrator "hotlist"
which includes passwords like the ever-popular "susan".

There is no additional security obtained by having gibberish user
names. Not counting the "who" and "ls" commands available to other
local users, the first time each user posts mail and/or netnews,
their username is "out of the bag". Big deal.

For a really cogent discussion of computer security, may I refer you
to Army Regulation 380-380 (available from the Government Printing
Orifice) -- it's one of the few well-written Government security
regulations. Observe how it spends most of its time discussing
physical security, and personnel screening.

To your IBM folks, just bellow "Egads, it's User Hostile"
and beat a hasty retreat.
Best,
-Mike Muuss
Postal:
Mike Muuss
Leader, Advanced Computer Systems Team
Systems Engineering and Concepts Analysis Division
U.S. Army Ballistic Research Laboratory
Attn: SLCBR-SECAD (Muuss)
APG, MD 21005-5066