UNIX security and passwords

Steven M. Bellovin smb at ulysses.homer.nj.att.com
Wed Jan 4 08:07:46 AEST 1989


In article <23731 at pprg.unm.edu>, kurt at pprg.unm.edu (Kurt Zeilenga) writes:
> I've been managing computers for about eight years and have seen
> hundreds of security incidents first hand.  Of them, I can
> only remember one or two that actually tried to use a program
> to guess passwords.

Three possible answers:  (a) you've seen an atypical sample; (b) I've
seen an atypical sample, because I've seen many such incidents; or (c) just
because you haven't seen them doesn't mean they haven't happened....
The other things you cite are certainly problems that need fixing.  So
are crackable passwords.  I don't think anyone else in this discussion is
advocating that we stick with the current schemes, i.e., neither a private
password file nor a beefed-up passwd command.



More information about the Comp.unix.wizards mailing list