Re: "Small" Bug
On Wed, Mar 15, 2000 at 09:32:21PM +0000, powder keg wrote:
>
> Yes, but you gave those to us. Now, assuming these machines are running
> Hurd (which they're not) if we telnet to your machine and find someone who
> hasn't reset their default passwd...
There are no default passwords. Any good sysadmin won't set accounts to
default passwords.
> No one is going to use the Hurd if you have some sort of nonsense like an
> open login shell.
It's the default, not mandatory. If you don't like it, switch it off.
> >Here is one for you: "root". Probably 90% of all machines have it.
>
> Yeah, but the root account doesn't usually have a simple password like the
> average user has (birthday, mother's maiden name, etc).
Educate your users or loose. Use crack to check if your users behave.
> >To close the case I make the following suggestion: Double the length of the
> >passwords from eight to sixteen. This has the same effect.
>
> This is the dumbest idea I've heard yet. If people can't remember 8-letter
> passwords without scrawling it down in an obvious location, what makes you
> think they'll fare any better with 16-letter ones?
How do you think users will behave with a username and a password, but not
with a username and a longer password?
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' Debian http://www.debian.org Check Key server
Marcus Brinkmann GNU http://www.gnu.org for public PGP Key
Marcus.Brinkmann@ruhr-uni-bochum.de, marcus@gnu.org PGP Key ID 36E7CD09
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/ brinkmd@debian.org
Reply to: