Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site ukc.UUCP
Path: utzoo!linus!decvax!genrad!mit-eddie!mit-vax!eagle!mhuxt!mhuxi!mhuxa!houxm!hogpc!houti!ariel!vax135!ukc!pc
From: pc@ukc.UUCP
Newsgroups: net.unix-wizards
Subject: Security
Message-ID: <3852@ukc.UUCP>
Date: Fri, 8-Jul-83 05:56:34 EDT
Article-I.D.: ukc.3852
Posted: Fri Jul  8 05:56:34 1983
Date-Received: Sat, 9-Jul-83 13:37:39 EDT
Organization: Computing Lab. Kent University, England
Lines: 25

If people are REALLY WORRIED about the decryption of passwords,
why not move the passwords to another file, which is read-only
by root? After all, only passwd and login need to access the file,
and both of them are setuid.

At UKC, we have user populations of 600-700 and have totally
replaced the password file by a binary file with some integral
number of bytes per user. This means that random access can be used
to access an individual entry. Other keys to the password file (such
as login name and in our case the user's system id) are abstracted
to a set of very small files which are kept in uid
order - these files can be opened and searched very easily.

For compatibility purposes we generate /etc/passwd every night (with
no passwords) and passwords are never printed even in their encrypted
form.

One of the benefits of a binary password file is that the record for
each user can be much bigger. We currently store a set of limits
which are applied at login time and we plan to put in the set of
groups which can be used for 4.1c/4.2.

	Peter Collinson

	{mcvax, vax135} !ukc!pc
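The scheme the post describes, as an added example that is not the UKC code: a binary password file created mode 0600 so only root reads it, one fixed-size record per uid so an entry is reached by a single seek, and a nightly export of a compatibility /etc/passwd that never carries a hash. The record layout, field sizes, the placeholder hashes and the gid/home/shell fields in the export are assumptions made for the example.

```python
import os
import struct
import tempfile
# Added example (not from the original post); layout is an assumption: one fixed-size
# record per uid at offset uid * RECORD_SIZE. Fields: uid (4 B), login (32 B), hash (64 B).
RECORD = struct.Struct(">I32s64s")
RECORD_SIZE = RECORD.size

def open_shadow(path):
    # Mode 0600: only the owner (root) can read the hashes; passwd/login are setuid.
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    return os.fdopen(fd, "r+b")

def put_entry(f, uid, login, pw_hash):
    # Random access: seek straight to this uid's slot and overwrite it.
    if len(login) > 32 or len(pw_hash) > 64:
        raise ValueError("field too long for fixed record")
    f.seek(uid * RECORD_SIZE)
    f.write(RECORD.pack(uid, login.encode(), pw_hash.encode()))
    f.flush()

def get_entry(f, uid):
    # Returns (login, hash), or None for a slot never written (past EOF or a hole).
    f.seek(uid * RECORD_SIZE)
    raw = f.read(RECORD_SIZE)
    if len(raw) < RECORD_SIZE:
        return None
    _, login, pw_hash = RECORD.unpack(raw)
    login = login.rstrip(b"\0").decode()
    return (login, pw_hash.rstrip(b"\0").decode()) if login else None

def export_passwd(f):
    # Nightly /etc/passwd for compatibility: the field holds '*', never the hash
    # (an empty field would mean "no password"); gid, home and shell are placeholders.
    f.seek(0, os.SEEK_END)
    lines = []
    for uid in range(f.tell() // RECORD_SIZE):
        entry = get_entry(f, uid)
        if entry:
            lines.append(f"{entry[0]}:*:{uid}:{uid}::/home/{entry[0]}:/bin/sh")
    return lines

def demo():
    # Constructed sample users with placeholder hashes; returns values to check.
    path = os.path.join(tempfile.mkdtemp(), "shadow.bin")
    with open_shadow(path) as f:
        put_entry(f, 0, "root", "HASH-root")
        put_entry(f, 7, "pc", "HASH-pc")
        return {"pc": get_entry(f, 7), "empty": get_entry(f, 3),
                "passwd": export_passwd(f), "mode": os.stat(path).st_mode & 0o777}
```

Slots between written uids are file holes, so the file stays small even with sparse uid ranges, and the exported lines are what a name-to-uid lookup would search.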