Subject: Re: AFPPasswd Utility (Was: 1.99gb window limit)
From: Basil Hussain (basil.hussain@specialreserve.net)
Date: Wed Oct 04 2000 - 06:39:57 EDT
Hi,
> No, but it can still easily be decoded, each two characters is an ASCII
> code in hexadecimal. Now that you've posted your users' passwords to a
> public mailing list, you might want to have them change them..and you
> might want to discuss basic password security as well, for example not
> using dictionary words :)
Hmm, so it is still basically 'plain text', but just in another form. Don't
worry about those passwords, they were changed afterwards. Besides, what
good's a password without a username and knowing which host they're from?
Anyway, you've made me remember something else to-do with afppasswd. Now, I
know it's A Good Thing to use long, alpha-numeric passwords, but the trouble
is, users just can't remember them! One thing I found using the afppasswd
utility is that by default it doesn't allow you to set dictionary-based
passwords (it uses cracklib to check, IIRC) unless you use the '-n' flag.
This is sensible, but I think the default should be more like the passwd
utility, where it warns you sternly about setting a bad password, but still
lets you do it.
Regards,
------------------------------------------------
Basil Hussain (basil.hussain@specialreserve.net)
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:32:19 EST