Subject: Re: AFPPasswd Utility (Was: 1.99gb window limit)
From: Cliff Crawford (cjc26@cornell.edu)
Date: Tue Oct 03 2000 - 14:57:34 EDT
* Basil Hussain <basil.hussain@specialreserve.net> menulis:
>
> Well, it doesn't seem that they're stored on the server as plain text
> anymore with 1.4.99, as you now use the supplied afppasswd utility to set
> passwords - which it does by creating a file that is similar in style and
> operation to /etc/passwd.
>
> This is what my file shows (usernames obfuscated for security purposes):
>
> # cat /etc/atalk/afppasswd
> user1:6F6D656761000000:****************:********
o m e g a
> user2:6661737463617200:****************:********
f a s t c a r
> user3:7570776972650000:****************:********
u p w i r e
> user4:77696E646F770000:****************:********
w i n d o w
> user5:6F76657274696D65:****************:********
o v e r t i m e
>
> Not exactly plain text, is it?
No, but it can still easily be decoded, each two characters is an ASCII
code in hexadecimal. Now that you've posted your users' passwords to a
public mailing list, you might want to have them change them..and you
might want to discuss basic password security as well, for example not
using dictionary words :)
--
cliff crawford http://www.people.cornell.edu/pages/cjc26/
"Man, the Internet is so cool." -Robert
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:32:17 EST