Re: Security problem in pam_unix?

Steve Langasek wrote:

>
> If you don't trust the local system administrator with your password, you
> shouldn't be giving that password to a piece of software that he has control
> over, *PERIOD*.  He doesn't need PAM's help to get at that information.
> Whether PAM logs usernames from failed logins is inconsequential in comparison
> to the problems you face if you believe your system administrator has
> malicious intentions.
>

I *don't* trust the administrator with my password.   It's kept on the other side
of a one-way function for precisely that reason.   Passwords are not kept in
clear *PERIOD**.  If you don't understand why, think about how often people have
different passwords for different machines or purposes.  If you still don't
see why, then I'll try to explain.

jch


* There are cases where pass phrases need to be available in their original form,
but in these cases the software goes to a hell of a lot of trouble to make sure
that they are properly protected.
