On Sun, 2006-04-30 at 21:21 +0200, Tom Bachmann wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jonathan S. Shapiro wrote: > > Apparently I did not see it. Here is the essential question: > > > > /sbin/passwd requires the authority to write the password database, > > which the user does not have. > > Wrong. In my proposal she has the authority because there is no real > ``password database''. There is just a file (say ~/.passwd) that > contains the hash of the users password.
So you propose that the system-wide login process should have the ability to read all of these files, but each user should have the ability write their own? This is clever. How do you propose to address the following issues? 1. There are overwhelmingly compelling reasons to set policies against stupid passwords. This is why cracklib exists -- one bad password endangers an entire system. This implies that even if the user owns the password file, we wish to restrict the conditions under which that file can be written. Indeed, using a purely user-defined authentication methods are a bad idea because of this. 2. I'm not sure how something like 'su fred' would be implemented in this style of system. 3. What happens when the user accidentally deletes their password file? shap _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
