60-second timeout in Unix login
j.r.lupien
jrl at anuck.UUCP
Wed Feb 17 08:25:48 AEST 1988
In article <18083 at topaz.rutgers.edu>, ron at topaz.rutgers.edu (Ron Natalie) writes:
> Actually at BRL, it remembers all past passwords that everyone used and
> won't ever let you reuse them (or use the "passwd" program to set too
> accounts to the same password).
Oh really? This means that if you get a reject, and you know it isn't
one of your previous passwords, it >MUST< be someone else's! Then
you just try each login on the system until you hit the one who's
password you have just "guessed". This seems rather bogus.
The passwd program should not give out ANY information
about other users' passwords, even to the extent of
"you have just used a word nobody else is using".
Security is YOUR job, too!
More information about the Comp.unix.wizards
mailing list