Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site umcp-cs.UUCP Path: utzoo!linus!philabs!seismo!rlgvax!cvl!umcp-cs!chris From: chris@umcp-cs.UUCP Newsgroups: net.unix-wizards Subject: Re: Security Problem? Message-ID: <363@umcp-cs.UUCP> Date: Thu, 30-Jun-83 23:07:59 EDT Article-I.D.: umcp-cs.363 Posted: Thu Jun 30 23:07:59 1983 Date-Received: Fri, 1-Jul-83 13:06:23 EDT References: <2652@sri-arpa.UUCP> Organization: Univ. of Maryland, Computer Science Dept. Lines: 28 From: Greg SkinnerSome users stupidly have login and password names the same. This happens often when accounts are newly created and the user is not present at the creation time. If any sites would like to fix that, I have a program called ``newacct'' which is intended to be run by the user getting the account. It reads the login name, full name, passwd, etc, and constructs a mail message (to "mark", but that's a #define) with a nicely complete passwd file entry. No one ever gets to actually see the pasword typed; once the password has been accepted the encrypted one is displayed. It even has a verfiy-password procedure (which currently just checks the length of the password). It uses my windows library, which I'm starting to send to net.sources (I sent documentation early this morning). With a small modification to the password-verifier you'd have a ``secure'' system. ('A course, ya still need to change the password-change-program.) If you want newacct, send me mail. If enough people want it I'll post it to net.sources. - Chris -- UUCP: {seismo,allegra,brl-bmd}!umcp-cs!chris CSNet: chris@umcp-cs ARPA: chris.umcp-cs@UDel-Relay