Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

9784.0. "dxaccounts does not check new password /Minlen/History" by EVTAI1::BROCHARD (Manuel Brochard - French CSC) Mon May 12 1997 13:07

    
    	Hi,
    
    	One customer running C2 security under Digital Unix v4.0A has noticed 
    	that under the dxaccounts GUI he can change a user's password without 
    	any check of any "password controls" or "password options" that had 
    	been set for this user.
    
    	i.e.: 
    	He can set a 2-character-long password, regardless of the 
    	minimum length of 10 defined for this user.
    
    	Password history or triviality checks aren't performed. 
    
    	I know that "root is root" and root is able to do what he wants under 
    	dxaccounts, but from the customer's point of view, at least a warning
    	message should be issued. 
    
    	If root executes the 
    	# passwd user command from the command line, these checks are performed... 
    	why not under dxaccounts?
    
    	I didn't see any restriction in the "security" documentation.
    
    	Did I miss something?
    	
    	Thanks for any advice,
    
    Manuel.
        
9784.1. by GERUND::WOLFE (I'm going to huff, and puff, and blow your house down) Tue May 13 1997 00:16 (6 lines)

I'm pretty sure this was intentional and follows the "root is root" philosophy
as you've described. However, I also agree that it should issue a 
warning or maybe have a mode where the sysadmin is treated like the user. 
I've forwarded this note to the DRI's. 

			pete