| Weblog: | New (local) Mac OS X vulnerability : Passwords in Swap files | |
| Subject: | A Joke? | |
| Date: | 2004-06-28 09:07:58 | |
| From: | BlueWorld | |
>>> However, a system administrator should not have it so easy if he or she would want to obtain user passwords.
Showing messages 1 through 2 of 2.
A Joke?
2004-06-28 09:39:49 Nitesh Dhanjani
You (root) could copy my directory or my files or delete my account or do whatever you want. But an Operating System should not allow you (root) to view my plain text password so easily.
An administrator may set my initial password, but I can change it. In fact, if you are a good administrator, you should recommend that users change their password the first time they log on.
I am NOT saying that root cannot do anything he or she wants. I am suggesting that an Operating System should attempt its best to not store passwords in clear text to make it so easy for root or anyone else to obtain your plain text password. That is the whole point behind /etc/shadow, and the reason Operating Systems these days do not store user passwords in clear text. Here's another way of thinking about it: if root can obtain user passwords in clear text anyways, what is the point of /etc/shadow? Why not just create an /etc/shadow that is readable by root and store user passwords in clear text there?




So, while if focused on a single system, you have a point. If the scope of an attack and penetration effort encompasses more than that, then it could be the thread that unravels the entire sweater.
That's beside the point, however. If there's a hole, it should be plugged.