On Thu, Jun 22, 2000 at 04:34:08PM -0400, Warren Mansur <[EMAIL PROTECTED]>
wrote:
> At least in Linux, if you are root, and you don't know the other user's password,
> then you can go to /etc/shadow (/etc/passwd on other unix systems). Once there,
> you completely remove the encrypted password. Then, you can log in regularly as
> that user, specifying no password (since it was just removed from /etc/passwd).
> The password authentication passes because no password is exactly what is in the
> /etc/passwd file. Then you can change their password with no problem.
>
> So, passwd doesn't protect the password from being changed if you are root, even
> though it asks for the previous password. It probably is the same in Tru64 and
> yppasswd unless it does things totally differently than other UNIX environments.
Huh? If you are using NIS, the only stuff in /etc/passwd is
local. Hence, there's nothing to remove to begin with. If you
decided to add the other user, you still wouldn't get access to their
files, as they aren't being exported to your machine. Tru64, at
least, appears to do a pretty good job of saying "sure, you're root
there, but are you root *here*".
--
Bob Bell Compaq Computer Corporation
Software Engineer 110 Spit Brook Rd - ZKO3-3/U14
TruCluster Group Nashua, NH 03062-2698
[EMAIL PROTECTED] 603-884-0595
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
