From owner-freebsd-hackers  Mon Jun 24 08:28:40 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA29869
          for hackers-outgoing; Mon, 24 Jun 1996 08:28:40 -0700 (PDT)
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA29862
          for <hackers@freebsd.org>; Mon, 24 Jun 1996 08:28:37 -0700 (PDT)
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id JAA20586; Mon, 24 Jun 1996 09:28:31 -0600
Date: Mon, 24 Jun 1996 09:28:31 -0600
From: Nate Williams <nate@sri.MT.net>
Message-Id: <199606241528.JAA20586@rocky.sri.MT.net>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: hackers@freebsd.org
Subject: Re: adduser mail
In-Reply-To: <11828.835624782@time.cdrom.com>
References: <11828.835624782@time.cdrom.com>
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Am I alone in thinking that adduser's current default behavior of mailing
> the user their password in plaintext is somehow wrong?

Yep.  If they're able to login to read their email, they already know
their password.  If they don't, then someone else *might* be able to
intercept it somehow.


Nate