Todd Walton wrote:
On Nov 29, 2007 1:32 PM, Michael O'Keefe <[EMAIL PROTECTED]> wrote:
So your problem is local root exploit
Fix the problem, don't hide it by making users change their passwd.
or do you trust your users to not use the root exploit, just becoz ...
Do your users have no authority or access that could be abused? The
admin assistant has no access to sensitive company information? As
long as he's not root on the box, right?
Again, ask the admin, not me.
I'm the user that's being inconvenienced by password rotation on systems
where I think they shouldn't even USE the system if it's THAT fragile
that passwords NEED to be rotated
I've got one system where they make me change the password every 30
days, but don't have a re-use policy. So I change it to X, and then
straight back to my original passwd. What was the point ?
--
Michael O'Keefe | [EMAIL PROTECTED]
Live on and Ride an 06 BMW R12GS HP2 | [EMAIL PROTECTED] / |
I like less more or less less than |Work:+1 858 845 3514 / |
more. UNIX-live it,love it,fork() it |Fax :+1 858 845 2652 /_p_|
My views are MINE ALONE, blah, blah, |Home:+1 760 788 1296 \`O'|
blah, yackety yack - don't come back |Fax :+1 858 _/_\|_,
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
