From owner-freebsd-current  Wed Nov 29 14:21:22 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id OAA25910
          for current-outgoing; Wed, 29 Nov 1995 14:21:22 -0800
Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA25902
          for <freebsd-current@freebsd.org>; Wed, 29 Nov 1995 14:21:17 -0800
Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1])
	by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id XAA05118
	; Wed, 29 Nov 1995 23:21:09 +0100
Received: from (uucp@localhost)
	by blaise.ibp.fr (8.6.12/jtpda-5.0) with UUCP id XAA17138
	; Wed, 29 Nov 1995 23:21:08 +0100
Received: (from roberto@localhost) by keltia.freenix.fr (8.7.1/keltia-uucp-2.6) id WAA03797; Wed, 29 Nov 1995 22:47:24 +0100 (MET)
From: Ollivier Robert <roberto@keltia.freenix.fr>
Message-Id: <199511292147.WAA03797@keltia.freenix.fr>
Subject: Re: schg flag on make world in -CURRENT
To: terry@lambert.org (Terry Lambert)
Date: Wed, 29 Nov 1995 22:47:24 +0100 (MET)
Cc: jkh@time.cdrom.com, terry@lambert.org, joerg_wunsch@uriah.heep.sax.de,
        freebsd-current@freebsd.org
In-Reply-To: <199511290220.TAA26615@phaeton.artisoft.com> from "Terry Lambert" at Nov 28, 95 07:20:50 pm
X-Operating-System: FreeBSD 2.2-CURRENT ctm#1378
X-Mailer: ELM [version 2.4 PL24 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@freebsd.org
Precedence: bulk

It seems that Terry Lambert said:
> The reason that the lines aren't secure by default is that you don't
> want to have the root password working while a line snooper is catching
> the packets with it in it.

There is a sentence everyone should use nowadays:

"Thou shalt not type a password in the clear across [almost] any network"

If you're concerned about  security, you use  either Kerberos/S-Key  (but I
think this is not enough) or  you use an encrypting  program like the great
SSH.  Even using S/Key   for both login and   su is now  silly.  You should
protect your whole session if you're an administrator.

Clear-text asswords should be dead. Period. 

Arguing  about  "secure"  on pty is   not enough.  Logging as  "root"  is a
mistake, especially across a network.
-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.frmug.fr.net
   FreeBSD keltia.freenix.fr 2.2-CURRENT #7: Mon Nov  6 21:08:06 MET 1995