Re: Automatic password changing

To: Brian May <bam@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: Automatic password changing
From: Sebastian Stark <stark@komcept.de>
Date: Thu, 23 Mar 2000 11:29:43 +0100 (CET)
Message-id: <[🔎] Pine.LNX.3.96.1000323112346.10877C-100000@javaanse.institut.komcept.de>
In-reply-to: <[🔎] 841z52yum0.fsf@snoopy.apana.org.au>

On 23 Mar 2000, Brian May wrote:

>     Tim> 	perl -npi.bak -e 's/^root:[^:]*:/root:pants/o'
>     Tim> /etc/shadow
> Just a nitpick for the very security paranoid (ie myself!):
> The encrypted password will show up in the ps listing...
> Out of curiosity: Is there anyway to avoid this?

put the script in a file and do a "perl <file>". well, now for the _real_
paranoid: how do you delete it from memory? :)

i think automatic pw changing is a very ugly thing. and i don't think that
it provides any extra security.

i heard of someone how changed the password periodically (good idea) BUT:
to avoid telling the other sysadmins the new password, he choosed to set
it to the actual date so they can look at the calendar to find it out...

*sigh*
sebastian

Reply to:

References:
- Re: Automatic password changing
  - From: Brian May <bam@debian.org>

Prev by Date: unsubscruibe
Next by Date: Re: Automatic password changing
Previous by thread: Re: Automatic password changing
Next by thread: Re: Automatic password changing
Index(es):
- Date
- Thread