Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rochester!ken
From: ken@rochester.arpa (Ken Yap)
Newsgroups: comp.unix.wizards
Subject: Re: UNIX - the "don't worry about it" operating system?
Message-ID: <464@sol.ARPA>
Date: Mon, 6-Jul-87 10:29:39 EDT
Article-I.D.: sol.464
Posted: Mon Jul  6 10:29:39 1987
Date-Received: Tue, 7-Jul-87 03:07:47 EDT
References: <1089@killer.UUCP> <130@ssvs.gsfc.nasa.gov>
Reply-To: ken@rochester.UUCP (Ken Yap)
Distribution: world
Organization: U of Rochester, CS Dept, Rochester, NY
Lines: 14

|How do you propose to set initial passwords without having them in the clear
|at some point in time?  As for finding the file, presumably it is protected

I once used a student registration system in which a student would meet
their TA, who verified their student ID.  The TA then started a
registration program and handed the keyboard to the student. This
program prompted the student for info and asked for a suitable password
which was then immediately encrypted.  The password existed in
cleartext only in the student's head and while being entered.  Later
the collected info was merged into the password file.  I don't know why
online registration isn't used more. It would reduce password leaks and
provide a guided first encounter with the machine.

	Ken