[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netatalk-devel
Subject:    [Netatalk-devel] Re: AFPPasswd Utility (Was: 1.99gb window limit)
From:       jeff b <jeff () univrel ! pr ! uconn ! edu>
Date:       2000-10-04 12:49:59
[Download RAW message or body]

Basil Hussain wrote:
> 
> Hi,
> 
> > No, but it can still easily be decoded, each two characters is an
> > ASCII code in hexadecimal.  Now that you've posted your users'
> > passwords to a public mailing list, you might want to have them change
> > them..and you might want to discuss basic password security as well,
> > for example not using dictionary words :)
> 
> Hmm, so it is still basically 'plain text', but just in another form.
> Don't worry about those passwords, they were changed afterwards.
> Besides, what good's a password without a username and knowing which
> host they're from?
> 
> Anyway, you've made me remember something else to-do with afppasswd.
> Now, I know it's A Good Thing to use long, alpha-numeric passwords, but
> the trouble is, users just can't remember them! One thing I found using
> the afppasswd utility is that by default it doesn't allow you to set
> dictionary-based passwords (it uses cracklib to check, IIRC) unless you
> use the '-n' flag. This is sensible, but I think the default should be 
> more like the passwd utility, where it warns you sternly about setting a
> bad password, but still lets you do it.

I think I'm the guilty party responsible for the -n flag. I will modify
the behavior if there are no objections, but this comes down to a basic
sysadmin PEBKAC problem (Problem Exists Between Keyboard And Chair) that
users want the power of using networked computers, but don't want the
added responsibility of security. Kind of like driving a car, but
refusing to use your headlights at night because they are an extra
hassle to remember to turn on.

jeff

(with apologies for the cross-post. developers might want to comment on
the afppasswd change)

[prev in list] [next in list] [prev in thread] [next in thread]