Path: utzoo!attcan!uunet!vsi!friedl
From: friedl@vsi.COM (Stephen J. Friedl)
Newsgroups: comp.unix.wizards
Subject: Re: password aging
Summary: shadow passwords are a good idea
Message-ID: <956@vsi.COM>
Date: 29 Nov 88 19:50:23 GMT
References: <17648@adm.BRL.MIL> <9001@smoke.BRL.MIL>
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 25

In article <9001@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn ) writes:
> 
> In response to Barry's suggestion that shadow (really, non-public)
> password files are a panicky reaction to the Internet worm/virus:
> I've recommended this for years.  AT&T adopted it for its MLS UNIX
> well before the virus scare.  If done right, it adds a significant
> amount of security to the typical UNIX system.  It's a good idea.

A good idea indeed.  It does increase the complexity of the password
code, but it can really foil a cracker.  There are people out there
(i.e., `me in a former life') who are fairly adept at converting an
/etc/passwd file into a handful of logins given a couple of hours of
processor time, a good list of sample passwords, and software to
automate the task.  Shadow passwords will cut this down in a pretty
big way.

How many of you have done 'grep :: /etc/passwd' on a machine?

      Steve

-- 
Steve Friedl    V-Systems, Inc.  +1 714 545 6442    3B2-kind-of-guy
friedl@vsi.com     {backbones}!vsi.com!friedl    attmail!vsi!friedl
---------Nancy Reagan on cutting the grass: "Just say mow"---------
:wq!