Steve, >Date: Mon, 07 Apr 2008 10:01:57 -0600 >From: Steve Phillips <steve@xxxxxxxxxx> > >mark wrote: >> Ok, I've never had to create a thousand new users.... >> >> Paul M. Whitney wrote: >>> In that wrapper script, you could also generate a changeme type password but >>> also append some unique character to each one such as first and last letter >> >> Or the student's ID would work (unless the college uses SSN (WHICH THEY SHOULD >> NOT), in which case it's back to generating one. > >Sorry to be pedantic but.. > >Student ID ? easy to get - 'hi, whats your student ID number ?' or 'hey, >can I see your student ID card', people don't treat these One student to another? Are that many of them that naieve? > things as >'private' and if you are using this as a first time password, it would >be relatively trivial to crack if someone were determined. > >And appending a couple of characters ? it would take seconds for a >dictionary bash to go through every possible combination, and while this >_may_ show up in the logs, how often do you sit at your desk simply >watching logs scroll, I am guessing you have real work to do. > Sounds like a job for a perl script to me. <snip> >as soon as you work out a password 'system' then someone can reverse >engineer it and exploit it, completely random, changed on True, or you can go for Real Security, as they have at work: I have an entire page of freaking passwords for different system (except for the "lab", of which I am one of two admins, and I put LDAP in, so there's only one to worry 'bout). I have *never* had to write passwords down before, but with so many different systems, with different requirements (change it every month/90 days/six months, oh, 5/8 chars difference is "too similar"/oh, it can't start or end with a number, and btw, you have to stand on one leg and rub your tummy while typing it in...), they've really helped the social engineering of passwords, since I assume most folks are writing them down and putting them somewhere convenient. <snip> >pair them with the username in a file somewhere, print them out, cut the >resulting print out up and hand them to the students when they first >arrive. If the student cant find it within themselves to type 8 >characters on a keyboard when they first arrive then they don't deserve >to use the computers. > Yup. You *do* know the story about the Apple tech support guy and the guy with the blank screen, right? <snip> >This has little to do with assisting in preventing account compromises >as most accounts would be compromised within the 15 day period :-) *snort* <snip> mark -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
