From owner-freebsd-hackers  Mon Jun 24 08:43:26 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA00974
          for hackers-outgoing; Mon, 24 Jun 1996 08:43:26 -0700 (PDT)
Received: from skipper.epsilon.nl (skipper.epsilon.nl [194.178.91.12])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA00954
          for <hackers@freebsd.org>; Mon, 24 Jun 1996 08:43:13 -0700 (PDT)
Received: from skipper.epsilon.nl (localhost [127.0.0.1]) by skipper.epsilon.nl (8.6.12/8.6.12) with SMTP id RAA15612; Mon, 24 Jun 1996 17:38:45 +0200
Message-ID: <31CEB685.41C67EA6@epsilon.nl>
Date: Mon, 24 Jun 1996 17:38:45 +0200
From: Jouke Dijkstra <jouke@epsilon.nl>
Organization: Epsilon Computer Support
X-Mailer: Mozilla 2.0 (X11; I; FreeBSD 2.1.0-RELEASE i386)
MIME-Version: 1.0
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
CC: hackers@freebsd.org
Subject: Re: adduser mail
References: <11828.835624782@time.cdrom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jordan K. Hubbard wrote:
> 
> Am I alone in thinking that adduser's current default behavior of mailing
> the user their password in plaintext is somehow wrong?
> 
>                                         Jordan

This tweaks my mind. It's a users initial password. No-one can read
without knowing it. If somebody knows it, he does not have to read it.
Only someone who's hacked root can read it, but someone who did that
will not be interested in the password.. 
There is one danger though.. If the mail is send to another host by
MX records, the password can be snooped.

- Jouke