> > From: apwilson@nospam.socs.uts.EDU.AU
>
> > Peter's concern was that since C2 has been installed, anyone with root's
> > passwd can see all the users' passwds unencrypted, and if users were to use
> > the same passwd on the other SoCS machines as they do on Ftoomsh then any
> > sys admin could find out other users' passwds for the SoCS machines.
>
> !!!!! This is a new one on me. I thought that the point of C2 was an
> INCREASE in security, not a decrease. Does anyone know what earthly
> reason exists for root to have this extraordinary privilege?

Just a bit of confusion there. Some people are aware of a hole in C2 and
see this as an opportunity to get people's accounts on other systems within
UTS as most people have a single password. Of course this is frowned upon,
but what can you do?

Besides, they don't even need to go through C2. If they are root they can
just use those wonderful net-monitoring utilities to snarf passwords.

Things are going to stay this way until we run Kerberos and Kerberos
clients are available on SoCS and ITD machines.

Perhaps the SoCS system's staff have some criteria which they want
fulfilled before they will allow such a machine, with such administrators,
to hang off their net.

Jimmy