On Sat, May 06, 2006 at 05:30:21PM -0700, Eric Furman wrote:
> --- Peter Fraser <[EMAIL PROTECTED]> wrote:
> > I was very surprised, that when I was installing
> > a 3.9 system, that you can use an empty root password
> >
> > I accidentally entered a 'return' when it asked for the
> > root password, so I entered a 'return' again when
> > I was asked to repeat the password, thinking that
> > an empty password would be denied, and I would be asked
> > again.
>
> This is a feature, not a bug.
> And I'm not being sarcastic. :-)
> What if you have a test machine not connected
> to any network and is physically secure
> and you need to log on as root a lot. It would
> be nice to not have to enter any password if
> you didn't want to. This is normal UNIX
> behaviour. The OpenBSD people aren't going
> to 'force' you to do everything securely.
> They just give you the means and tools
> to be so. It's up to you to use them correctly.
> (Not that the scenario above is a 'good' idea.
> It's just that I 'should' be able to do it
> if I so choose)

Yes, and I think there is another point. If administrators are so dumb as to use an empty password on internet servers, it wouldn't be useful to force a password. Those people will find enough other ways to make the system insecure. Even OpenBSD is only as secure as the monkey sitting in front of it.

Jonathan

-- 
| /"\   ASCII Ribbon   | Jonathan Glaschke - Lorenz-Goertz-Strasse 71,
| \ / Campaign Against | 41238 Moenchengladbach, Germany;
|  X    HTML In Mail   | jabber: [EMAIL PROTECTED]
| / \     And News     | http://jonathan-glaschke.de/

