[17] in linux-security and linux-alert archive
Re: Shadow Passwords?
daemon@ATHENA.MIT.EDU (Elias Levy)
Mon Mar 6 20:15:39 1995
Date: Mon, 6 Mar 1995 15:20:25 -0800 (PST)
From: Elias Levy <elias@power.net>
To: linux-security@tarsier.cv.nrao.edu
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0rljAt-000KjRC@monad.swb.de>
Reply-To: linux-security@tarsier.cv.nrao.edu
On Mon, 6 Mar 1995, Olaf Kirch wrote:
>
> In my opinion, shadow passwords can't be the ultimate in password
> security. The biggest problem I see with them is that they're moot in
> a YP environment. Adding a proactive password checker to passwd and
> yppasswd instead could give you a big advantage over programs such as
> crack that have to chew on the encrypted passwords. Plus it saves you
> a lot of hassle with programs you'd otherwise have to modify (rlogind,
> rshd, ftpd, xdm, and probably a few more).
>
Yep eveyone should use a authentication card and punch it into ones
terminal, of curse if would be public key cryptography :) But for
cheper ones of us SKEY will have to to.
> I remember there was some talk that the new version of crack would
> contain a cracklib that could be easily integrated into other programs.
> Does anyone know more about this?
>
cracklib is there. Do you mean a newwer one? The are actually hooks in
the shadow suite for it. Compiled it here works fine.
> Regards,
> Olaf
> --
> Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
> okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
>
elias@power.net (Elias Levy)
PowerNet, Inc.
