|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
what better way of finding out a password ? do people not
brag about their children around the water cooler?
pick every password as if it was root's password was some advice
given to me once. even the password programs that aid in
picking a secure password theoretically limit the keyspace,
at least the ones that try to make them more memorable like
placing a vowel between consonents to make the word pronouncable
anyway, it would be just as easy to uninstall pam than to try and defeat
it with bad passwords, even if it is in a 'trusted' enviroment.
i worked in a place where the login and password where written on the
monitor, the login entry in /etc/passwd allowed only one application to run
with no escapes, a point of sale program that once launched permitted
anybody to ring up a phony sale and get the cash drawer open.
while the person couldn't compromise the system security they could easily
compromise the cash drawer!
this may sound stupid if it weren't for the sequence of events that
eventually
lead to a p-touch label with the username and password written on it stuck
to
the monitor by one of the managers. in this case a manager had successfully
socially-engineered himself!
-----Original Message-----
From: Dennis J. Dougherty <ddougher@PENNCRUSHER.COM>
To: plug@lists.nothinbut.net <plug@lists.nothinbut.net>
Date: Wednesday, June 30, 1999 5:37 PM
Subject: [Plug] Passwords
Does anyone know how to turn down the password security in the PAM
modules so that users are able to use childrens names etc for their pwd.
_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
|
|