[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: shadow-960910



> Oh yeah, I know Rembrandt is still BETA. To read from you READMES: "... 
> will create /etc/shadow with aging disabled..." Is this the Right Way 
> (tm) to support shadow ? Give up to one of the strongest features ? I 
> know your PAM supports well aging. But again, that's me, you, few others. 
> Newcomer joe admin is lost in space. Tell me that I'm wrong with this...

For What It's Worth (tm), there have been arguments advanceed that
password aging is false security.  Personally, I feel that it is a
useful component of an entire security package; but I do think that it
is better for Joe I-Couldn't-Spell-SysAdmon-Yesterday-And-Now-I-Are-One
SysAdmin not to force him to use a feature that (perhaps) he doesn't
understand.  I also feel that it's better to give him the option to
enable it easily, though.

(War story alert.)

When Unix s5r2v3 - I think - first introduced password aging, you had
to edit the /etc/passwd file to enter an encoded aging string that you
had to calculate out by hand.  I wrote a tool to help translate between
multiple such formats - including, later, shadow on DEC Ultrix.

(End war story alert.)

Joe Yao				jsdy@cais.com - Joseph S. D. Yao



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []