Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site umcp-cs.UUCP
Path: utzoo!linus!philabs!seismo!rlgvax!cvl!umcp-cs!chris
From: chris@umcp-cs.UUCP
Newsgroups: net.unix-wizards
Subject: Re:  Security Problem?
Message-ID: <363@umcp-cs.UUCP>
Date: Thu, 30-Jun-83 23:07:59 EDT
Article-I.D.: umcp-cs.363
Posted: Thu Jun 30 23:07:59 1983
Date-Received: Fri, 1-Jul-83 13:06:23 EDT
References: <2652@sri-arpa.UUCP>
Organization: Univ. of Maryland, Computer Science Dept.
Lines: 28


	From:  Greg Skinner 

	Some users stupidly have login and password names the same.
	This happens often when accounts are newly created and the user
	is not present at the creation time.

If any sites would like to fix that, I have a program called
``newacct'' which is intended to be run by the user getting the
account.  It reads the login name, full name, passwd, etc, and
constructs a mail message (to "mark", but that's a #define) with a
nicely complete passwd file entry.  No one ever gets to actually see
the password typed; once the password has been accepted the encrypted
one is displayed.  It even has a verify-password procedure (which
currently just checks the length of the password).  It uses my windows
library, which I'm starting to send to net.sources (I sent
documentation early this morning).  With a small modification to the
password-verifier you'd have a ``secure'' system.  ('A course, ya still
need to change the password-change-program.)

If you want newacct, send me mail.  If enough people want it I'll post
it to net.sources.

				- Chris
-- 
UUCP:	{seismo,allegra,brl-bmd}!umcp-cs!chris
CSNet:	chris@umcp-cs
ARPA:	chris.umcp-cs@UDel-Relay
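
Added example, not part of the original post and not the newacct source: one way a length-only password verifier like the one described above could be extended to reject a password that is the login name (the problem raised in the quoted message) or a word from the user's full name. The function names, reason codes and the 6-character minimum are assumptions.

```c
#include <ctype.h>
#include <string.h>

#define MIN_PW_LEN 6    /* assumed minimum; the post does not state one */
enum { PW_OK = 0, PW_TOO_SHORT, PW_IS_LOGIN, PW_IS_NAME };

/* Copy only the letters of s into out, lowercased, so that "JDoe1983"
 * and "jdoe" compare equal. */
static void letters_only(const char *s, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *s && n + 1 < outsz; s++)
        if (isalpha((unsigned char)*s))
            out[n++] = (char)tolower((unsigned char)*s);
    out[n] = '\0';
}

/* True if a is b read forwards or backwards. */
static int same_or_reversed(const char *a, const char *b)
{
    size_t i, n = strlen(a);
    int fwd = 1, rev = 1;
    if (n != strlen(b))
        return 0;
    for (i = 0; i < n; i++) {
        fwd &= (a[i] == b[i]);
        rev &= (a[i] == b[n - 1 - i]);
    }
    return fwd || rev;
}

/* Return PW_OK if the password is acceptable, else a reason code. */
int verify_password(const char *login, const char *fullname, const char *pw)
{
    char p[128], l[128], word[128], name[256], *tok;
    if (strlen(pw) < MIN_PW_LEN)
        return PW_TOO_SHORT;
    letters_only(pw, p, sizeof p);
    letters_only(login, l, sizeof l);
    if (*l && same_or_reversed(p, l))
        return PW_IS_LOGIN;
    strncpy(name, fullname, sizeof name - 1);   /* strtok modifies its input */
    name[sizeof name - 1] = '\0';
    for (tok = strtok(name, " \t,."); tok; tok = strtok(NULL, " \t,.")) {
        letters_only(tok, word, sizeof word);
        if (*word && same_or_reversed(p, word))
            return PW_IS_NAME;
    }
    return PW_OK;
}
```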