rosenblg@cmcl2.NYU.EDU (Gary J. Rosenblum) (09/12/90)
Background - Ultrix 4.0 installed, ENHANCED security enabled. (Using the auth database). The way it is distributed, the root and field accounts both have uid 0, gid 1. Problem is, when you set the password for root, field gets set the same, and vice-versa. This is due to the uid being the key into the database. This is not "fatal", but it might introduce problems to the non-wary ranging from passwords seemingly changing, to a security hole. BTW: Would getauthuid return, on subsequent calls, the other entries if they existed (I don't have source yet).
D. Allen [CGL]) (09/13/90)
In article <48811@cmcl2.NYU.EDU> rosenblg@cmcl2.NYU.EDU (Gary J. Rosenblum) writes: >Background - Ultrix 4.0 installed, ENHANCED security enabled. > (Using the auth database). > >The way it is distributed, the root and field accounts both have >uid 0, gid 1. Problem is, when you set the password for root, >field gets set the same, and vice-versa. This is due to the uid >being the key into the database. This is not "fatal", but it might >introduce problems to the non-wary ranging from passwords seemingly >changing, to a security hole. Oh dear. Does this mean I can't have different uucp logins using the same uucp uid? Will they all have to have the same password? -- -IAN! (Ian! D. Allen) idallen@watcgl.uwaterloo.ca idallen@watcgl.waterloo.edu [129.97.128.64] Computer Graphics Lab/University of Waterloo/Ontario/Canada