password aging
Stephen J. Friedl
friedl at vsi.COM
Wed Nov 30 05:50:23 AEST 1988
In article <9001 at smoke.BRL.MIL>, gwyn at smoke.BRL.MIL (Doug Gwyn ) writes:
>
> In response to Barry's suggestion that shadow (really, non-public)
> password files are a panicky reaction to the Internet worm/virus:
> I've recommended this for years. AT&T adopted it for its MLS UNIX
> well before the virus scare. If done right, it adds a significant
> amount of security to the typical UNIX system. It's a good idea.
A good idea indeed. It does increase the complexity of the password
code, but it can really foil a cracker. There are people out there
(i.e., `me in a former life') who are fairly adept at converting an
/etc/passwd file into a handful of logins given a couple of hours of
processor time, a good list of sample passwords, and software to
automate the task. Shadow passwords will cut this down in a pretty
big way.
How many of you have done 'grep :: /etc/passwd' on a machine?
Steve
--
Steve Friedl V-Systems, Inc. +1 714 545 6442 3B2-kind-of-guy
friedl at vsi.com {backbones}!vsi.com!friedl attmail!vsi!friedl
---------Nancy Reagan on cutting the grass: "Just say mow"---------
:wq!
More information about the Comp.unix.wizards
mailing list