XBR1D65W@DDATHD21.BITNET (HAJO SCHMITT) (02/03/90)
We have the same problem with "lost passwords" on a 2.15 Rev. A server. Even if the "Password required" flag is set, the user can log in without even be asked for a password. The problem occurs after we entered 350 users with MAKEUSER and the expiration date has been encountered. (First i wan't beleive students telling me, that they can log in without passwords). The error doesn't occur on every account. The only fix of the problem til now: enter SYSCON, set the password required flag to NO and back to YES (manualy!). After doing so the security mechanism works as it should. I believe this is a severe security problem and Novell should fix it. Hans-Jochen Schmitt Technical University Darmstadt West-Germany
LSRGS@UCLAAIS.BITNET (Glenn Scott) (02/06/90)
> We have the same problem with "lost passwords" on a 2.15 Rev. A server. > Even if the "Password required" flag is set, the user can log in without > even be asked for a password. > The problem occurs after we entered 350 users with MAKEUSER and the > expiration date has been encountered. > That *must* be the culprit... MAKEUSER. We did the same thing... installed a server and created a couple hundred accounts. > The only fix of the problem til now: enter SYSCON, set the password > required flag to NO and back to YES (manualy!). After doing so the > security mechanism works as it should. We tried this and it seems to be working. > > I believe this is a severe security problem and Novell should fix it. > You better believe it is! Anyone else have this problem? I mean, anytime a system just "loses" passwords it makes me start to squirm. What bugs me even more is my users weren't telling me! I think they thought it was some kind of benefit! Argh! Glenn Scott Honors and Undergraduate Programs / Info Services
Tim_Munro@CARLETON.CA (02/07/90)
For the record, I have NEVER used MAKEUSER, and I have NEVER had a password problem.. Tim <Tim_Munro@carleton.ca> Fax:(613) 788-4448 Voice:(613) 788-3722