shell script

m.roth2006 at rcn.com m.roth2006 at rcn.com
Mon Apr 7 17:03:50 UTC 2008


Steve,

>Date: Mon, 07 Apr 2008 10:01:57 -0600
>From: Steve Phillips <steve at focb.co.nz>  
>
>mark wrote:
>> Ok, I've never had to create a thousand new users....
>> 
>> Paul M. Whitney wrote:
>>> In that wrapper script, you could also generate a changeme type password but
>>> also append some unique character to each one such as first and last letter
>> 
>> Or the student's ID would work (unless the college uses SSN (WHICH THEY SHOULD
>> NOT)), in which case it's back to generating one.
>
>Sorry to be pedantic but..
>
>Student ID ? easy to get - 'hi, what's your student ID number ?' or 'hey, 
>can I see your student ID card', people don't treat these 

One student to another? Are that many of them that naive?

> things as 
>'private' and if you are using this as a first time password, it would 
>be relatively trivial to crack if someone were determined.
>
>And appending a couple of characters ? it would take seconds for a 
>dictionary bash to go through every possible combination, and while this 
>_may_ show up in the logs, how often do you sit at your desk simply 
>watching logs scroll, I am guessing you have real work to do.
>
Sounds like a job for a perl script to me. 
<snip>
>as soon as you work out a password 'system' then someone can reverse 
>engineer it and exploit it, completely random, changed on 

True, or you can go for Real Security, as they have at work: I have an entire page of freaking passwords for different systems (except for the "lab", of which I am one of two admins, and I put LDAP in, so there's only one to worry 'bout). I have *never* had to write passwords down before, but with so many different systems, with different requirements (change it every month/90 days/six months, oh, 5/8 chars difference is "too similar"/oh, it can't start or end with a number, and btw, you have to stand on one leg and rub your tummy while typing it in...), they've really helped the social engineering of passwords, since I assume most folks are writing them down and putting them somewhere convenient.
<snip>
>pair them with the username in a file somewhere, print them out, cut the 
>resulting print out up and hand them to the students when they first 
>arrive. If the student can't find it within themselves to type 8 
>characters on a keyboard when they first arrive then they don't deserve 
>to use the computers.
>
Yup. You *do* know the story about the Apple tech support guy and the guy with the blank screen, right?
<snip>
>This has little to do with assisting in preventing account compromises 
>as most accounts would be compromised within the 15 day period :-)

*snort*
<snip>

   mark
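
Added example, not part of any poster's message: a sketch of the approach quoted above, with a random 8-character password per account, paired with the username in a file for printing. The usernames, function names and the reduced alphabet are assumptions made for illustration; the `chpasswd` and `chage -d 0` steps in the comments (forcing a change at first login) are likewise an assumption about how the file would be used.

```shell
#!/bin/sh
# Added example: random first-login passwords for a batch of new accounts.

# Look-alike characters (0/O, 1/l/I) are left out because the passwords
# are printed on paper and typed by hand.
ALPHABET='a-km-zA-HJ-NP-Z2-9'

# Print one random password of length $1 (default 8).
# tr drops every byte outside the alphabet, so each kept character is
# uniformly distributed; there is no pattern to reverse engineer.
gen_password() {
    LC_ALL=C tr -dc "$ALPHABET" < /dev/urandom | head -c "${1:-8}"
    echo
}

# Read usernames on stdin, write "username:password" lines on stdout.
# Blank lines and lines starting with # are skipped.
make_credentials() {
    while IFS= read -r user; do
        case "$user" in ''|'#'*) continue ;; esac
        printf '%s:%s\n' "$user" "$(gen_password 8)"
    done
}

# Constructed sample input; a real run would read the enrolment list.
sample_users() {
    printf '%s\n' asmith bjones '# staff' cwong
}

# Demonstration run on the sample data.
sample_users | make_credentials

# On the real system (as root), assuming users.txt holds one name per line:
#   umask 077                       # keep the file private to root
#   make_credentials < users.txt > creds.txt
#   chpasswd < creds.txt            # chpasswd reads user:password lines
#   cut -d: -f1 creds.txt | while read -r u; do chage -d 0 "$u"; done
#   (print creds.txt, then delete it)
```
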



