password aging

Stephen J. Friedl friedl at vsi.COM
Wed Nov 30 05:50:23 AEST 1988


In article <9001 at smoke.BRL.MIL>, gwyn at smoke.BRL.MIL (Doug Gwyn ) writes:
> 
> In response to Barry's suggestion that shadow (really, non-public)
> password files are a panicky reaction to the Internet worm/virus:
> I've recommended this for years.  AT&T adopted it for its MLS UNIX
> well before the virus scare.  If done right, it adds a significant
> amount of security to the typical UNIX system.  It's a good idea.

A good idea indeed.  It does increase the complexity of the password
code, but it can really foil a cracker.  There are people out there
(i.e., `me in a former life') who are fairly adept at converting an
/etc/passwd file into a handful of logins given a couple of hours of
processor time, a good list of sample passwords, and software to
automate the task.  Shadow passwords will cut this down in a pretty
big way.

How many of you have done 'grep :: /etc/passwd' on a machine?

      Steve

-- 
Steve Friedl    V-Systems, Inc.  +1 714 545 6442    3B2-kind-of-guy
friedl at vsi.com     {backbones}!vsi.com!friedl    attmail!vsi!friedl
---------Nancy Reagan on cutting the grass: "Just say mow"---------
:wq!



More information about the Comp.unix.wizards mailing list