reusing passwords

[MFHorn]

In article <1996 at saturn.ucsc.edu> wolf at ssyx.ucsc.edu (Michael Wolf) writes:
>>In article <2500 at codas.att.com> mikel at codas.att.com (Mikel Manitius) writes:
>>>We soon learned that often over-anxious users type their password at
>>>the login prompt, resulting it it's showing up on the console.
>>
>>It's enough to be unable to log in a number of
>>times, and this helpful operating system will make a console record of
>>the username *and* the password that were typed.
>
>You must have a very strange version of VMS.  Harvey Mudd College has
>several VMS systems, and a casual look at the login records on the
>console shows no sign of the user's passwords being printed out.

This is all configurable by your system manager.  S/he can set it up so
if you get n invalid login attempts (ie. if the system detects a possible
breakin attempt), it starts reporting them to the log file and/or operator
terminals (like the console, usually), password and all.  I think n is also
configurable.  This can be turned on for the different types of logins,
interactive, network, batch, etc. (7 in all), or turned off completely.

I still think printing the password under ANY circumstance is wrong.  If you
think someone is trying to crack a password, change it.

Andy Rosen           | arosen at hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
                   RD in '88 - The way it should be
Andy Rosen           | arosen at hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
                   RD in '88 - The way it should be