On Thu, Jan 24, 2002, Sam Varshavchik <[EMAIL PROTECTED]> wrote: > David Chin writes: > > > > > In message <[EMAIL PROTECTED]>, Sam Varshavchik write > > s: > >> Papo Napolitano writes: > >> > >> > > >> > As I don't trust plaintext passwords in files (no matter the permissions) I > >> > >> If you don't trust POSIX permissions, well, it's time to give up on *NIX > >> completely, and reformat and install NT. > > > > Um, then why are passwords in /etc/shadow encrypted? > > You tell me. I've been wondering about that for years. If you can read > shadow, you've rooted the box already and you don't give a fsck what the > passwords are.
Limit exposure to other breakins. If the passwords are plain text, they can easily use that information to obtain user access on other machines. As much as people advocate using different passwords, reality is users don't and it's something you can't programatically prevent between seperate administrative domains. Security in layers. Regardless, this is moving off topic rapidly. JE _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
