[1067] in SIPB-AFS-requests
Re: should we restrict rosebud login access?
daemon@ATHENA.MIT.EDU (mhpower@athena.mit.edu)
Tue Jul 27 22:47:17 1993
From: mhpower@athena.mit.edu
To: ckclark@athena.mit.edu
Cc: jik@athena.mit.edu, sipb-afsreq@athena.mit.edu
In-Reply-To: [1064] in SIPB-AFS-requests
Date: Tue, 27 Jul 93 22:47:00 EDT
>When it gets one, the same scripts can be used to add users to it
>were used on rosebud.
Actually, I don't believe there are any scripts that correctly
maintain the login configuration files on rosebud (/etc/{group,passwd}
/etc/security/{environ,limits,passwd,user}). I've been maintaining
them manually, usually adding new users just after they get voted in
as a SIPB member. I realize this is suboptimal, and have been planning
on automating it at some point.
One thing it'll have to support is an exclusion list of the SIPB
members who have weak passwords. I happen to think that people whose
password is, e.g., "foo" shouldn't be able to login to server
machines, and this is somewhat implemented on charon and rosebud.
> ... Heck, we can just copy most of /etc/security
>from rosebud wholesale if we want.
Right, copying should work fine. I believe the only important
difference is the encrypted root password in /etc/security/passwd.
Matt
