Hi Alan;

Given that the starting CP Directory is dynamically created, for the most
part, today, how hard would it be to allow the installer to select a "root
password" to be applied to all of the initial accounts?

While putting the same password on everything is still not ideal, it is
better than matching the userids and passwords, and would give a bit of
security to the installation system, and to lazy systems programmers.

-- 
   .~.    Robert P. Nix             Mayo Foundation
   /V\    RO-OE-5-55                200 First Street SW
  /( )\   507-284-0844              Rochester, MN 55905
  ^^-^^   ----- 
        "In theory, theory and practice are the same, but
         in practice, theory and practice are different."




On 10/9/07 12:41 AM, "Alan Altmark" <[EMAIL PROTECTED]> wrote:

> On Monday, 10/08/2007 at 05:05 EDT, Marty Zimelis
> <[EMAIL PROTECTED]> wrote:
>> Lionel,
>>    "Old news?"  You really ought to read this stuff before forwarding
>> links to it.  In the very first paragraph (after the intro), they show a
>> line-mode log on to VM/370 and make reference to 43xx and 30xx processors.
>> This material is 30+ years old.
> 
> It may be 30+ years old and may have some antique references, but those
> prompts are still in the system and appear on a linemode telnet session.
> The password overlay in linemode hasn't worked properly, of course, since
> CRTs came onto the scene.  I suppose I should turn my attention to it one
> of these days....
> 
> The system weaknesses it talked about:
> - Allowing passwords on the LOGON and LINK command lines rather than
> unconditionally requiring a prompt when entered from the console.
> - Differentiating between a user that does not exist and an incorrect
> password during LOGON
> - Allowing the DIAL command without prior authentication
> all still exist.
> 
> But the true gems in it are about human behavior: Failure to change the
> default passwords, failure to use an ESM to eliminate the need for
> minidisk passwords, failure to reject trivial passwords, failure to set a
> low number for lockout of a userid due to excessive invalid passwords
> within some time interval, putting mdisk passwords in EXECs, and so on.
> Most of those technology cannot fix.
> 
> Alan Altmark
> z/VM Development
> IBM Endicott
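
An added example, not part of the thread or of any IBM tooling: a small audit of user directory source for the two habits discussed above, passwords that match the userid and one password reused across accounts. It assumes the classic "USER userid password ..." statement layout (IDENTITY is treated the same way), is written in Python rather than REXX, and every userid and password in the sample is constructed.

```python
# Added example: audit z/VM user directory source for default-style passwords.
# Assumption: statements look like "USER userid password ..." (or IDENTITY).

# Password-field keywords that are not real logon passwords.
NON_PASSWORDS = {"NOLOG", "AUTOONLY", "LBYONLY", "NOPASS"}

# Constructed sample, not taken from a real system.
SAMPLE = """\
* constructed sample directory
USER MAINT MAINT 128M 1000M ABCDEFG
USER OPERATOR OPERATOR 32M 32M ABCDEFG
USER TCPIP AUTOONLY 128M 256M ABG
USER LINUX01 X7QPLM2K 1G 2G G
USER LINUX02 X7QPLM2K 1G 2G G
USER $ALLOC$ NOLOG
"""

def audit_directory(text):
    """Return (userid, finding) tuples; passwords are never echoed back."""
    findings = []
    by_password = {}  # password -> userids using it, in directory order
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0].startswith("*"):
            continue  # blank line, comment, or statement without a password
        if tokens[0].upper() not in ("USER", "IDENTITY"):
            continue
        userid, password = tokens[1].upper(), tokens[2].upper()
        if password in NON_PASSWORDS:
            continue  # account cannot be logged on with a password
        if password == userid:
            findings.append((userid, "password equals userid"))
        by_password.setdefault(password, []).append(userid)
    # One password on many accounts: a single disclosure exposes all of them.
    for users in by_password.values():
        if len(users) > 1:
            note = "password shared by %d userids" % len(users)
            findings.extend((u, note) for u in users)
    return findings

if __name__ == "__main__":
    for userid, finding in audit_directory(SAMPLE):
        print("%-8s %s" % (userid, finding))
```
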
