From owner-freebsd-hackers Tue Nov 4 15:33:54 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA18201 for hackers-outgoing; Tue, 4 Nov 1997 15:33:54 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from usr02.primenet.com (tlambert@usr02.primenet.com [206.165.6.202]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA18191 for ; Tue, 4 Nov 1997 15:33:47 -0800 (PST) (envelope-from tlambert@usr02.primenet.com) Received: (from tlambert@localhost) by usr02.primenet.com (8.8.5/8.8.5) id QAA24121; Tue, 4 Nov 1997 16:33:30 -0700 (MST) From: Terry Lambert Message-Id: <199711042333.QAA24121@usr02.primenet.com> Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources) To: eivind@bitbox.follo.net (Eivind Eklund) Date: Tue, 4 Nov 1997 23:33:29 +0000 (GMT) Cc: tom@sdf.com, hackers@FreeBSD.ORG In-Reply-To: <19971103191349.30502@bitbox.follo.net> from "Eivind Eklund" at Nov 3, 97 07:13:49 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > > Is it restricted to only let a user check his own password? Or could > > > we make it only check a users own password fairly easily? > > > > How would that be useful? > > Security. If a user can check other people's passwords, he can > brute-force passwords. If he can't, he can't. :-) /usr/bin/login rshd telnetd rlogind pop3d ....uh, the user can already check other peoples passwords this way. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.