[1039] in Kerberos
Re: Trivial passwords
daemon@ATHENA.MIT.EDU (marc@MIT.EDU)
Wed Jun 20 19:02:09 1990
From: marc@MIT.EDU
To: Michael P. Ressler <mpr@SUSHI.CTT.BELLCORE.COM>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: [1038] in Kerberos
Reply-To: marc@MIT.EDU
Date: Wed, 20 Jun 90 18:10:33 EDT

I think you misunderstand the use of these demo accounts. For
instance, I just set up a system using Kerberos for DECworld. The
accounts all have a password of "demo". This is so people can come up
to a machine and just log in. Security is not what we are demoing
here; if it were, I would choose "good" passwords. Since it's not,
forcing people to remember "good" passwords is unnecessary and
cumbersome for the demoers and the demoees. If the server mandated
good passwords, I would not be able to have a simple system. If the
client did, I would find the "kbadpasswd" program and use that,
instead. I like what Berkeley passwd does: if you insist enough, a
short or badly formed password will be accepted.

So, in this case, I maintain that a "good" password would be
inappropriate.

Test accounts are another matter. There was a widely known test
account (no doubt the rtm virus list would have hit the pw) at Athena
which was just removed. A new test account was created, and that
password is only being given to people who need it.

Marc Horowitz