Lyndon Nerenberg writes:
 > >>>>> "Garrett" == Garrett Wollman <[EMAIL PROTECTED]> writes:
 >     Garrett> I remember, back in the mists of ancient time, it was
 >     Garrett> common practice to provide ``anonymous UUCP'' service
 >     Garrett> along the lines of anonymous FTP in (what was at that
 >     Garrett> time) ARPANET.  
 > Yup, I used to run one of those (ncc). osu-cis was probably the
 > grandaddy of the anonymous UUCP sites. The convention seemed to be to
 > use the login 'nuucp' for anonymous passwordless access. (And I
 > wouldn't call it common -- there were only a handful sites that
 > provided this type of service.)

The convention was to use ``uucp'' as the default anonymous login
service.  Some people had the mistaken impression that there was some
sort of "hole" in the uucp system which was caused by using uucp as a
default login for uucp service.  No such hole existed in modern uucico
processes, although there were bugs in early uucico (7th Edition
vintage) which may be the reason that these rumors started.

Of course, it didn't hurt the spread of these rumors that most BSD sites
were stuck in the 7th Edition heritage and never actually caught up to
the modern HoneyDanBer uucp.  With the HoneyDanBer uucp, there were no
security holes in uucico and it was completely safe to use uucp as an
anonymous login service.  However, most university sites mistakenly
perpetuated the nuucp service, mostly for administrative reasons.

That said, for max security it is always useful to have each site have
its own login, up to a point.  Some large uucp sites used to use common
logins simply because there was so little security risk (especially with
HoneyDanBer variety).  Certainly, anonymous uucp is more secure than
anonymous ftp.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to