Yet Another useful paper
Henry Spencer
henry at utzoo.uucp
Thu Dec 22 05:41:32 AEST 1988
In article <12750 at bellcore.bellcore.com> karn at ka9q.bellcore.com (Phil Karn) writes:
>I too have my doubts about the effectiveness of shadow password files. My
>fear is that it will make administrators complacent; they'll reason that
>since no one can get at the file, then there's no need to ensure on a
>regular basis that people pick hard-to-guess passwords.
Turn it around: would you suggest deleting shadow password files, from
systems which already have them, just to keep the sysadmins alert? Seems
a bit drastic to me. I would think that any sensible sysadmin realizes
that password guessing via login is always a threat. And insensible :-)
sysadmins are beyond help anyway, short of massive upheaval in the software
to make it naive-sysadmin-friendly.
--
"God willing, we will return." | Henry Spencer at U of Toronto Zoology
-Eugene Cernan, the Moon, 1972 | uunet!attcan!utzoo!henry henry at zoo.toronto.edu
More information about the Comp.unix.wizards
mailing list