Re: Circle: Re: CRYPT

From: Jeremy Elson (
Date: 04/22/95

> > > there are several reasons one may want to have access to the passwords of
> > > their users, and i dont feel it's unreasonable or unethical.

> > There is no reason whatsoever any sysadmin would ever need to know
> > passwords of his users.  Keeping passwords in plaintext is nothing but
> > a recipie for disaster.

> i disagree, and who said anything about plaintext or storage? they're 
> already stored in the pfile, why would you want to store them externally, 
> and in plain text? _that_ is a 'recipie for disaster'.

Who said anything about storing passwords externally?  Obviously I know that
passwords are in the pfile, but they are encrypted as long as your libc
supports crypt().  I am confused by your statement 'who said anything about
plaintext' -- what's the difference between keeping passwords in plaintext
or using a reversable crypt algorithm, and "having access to the passwords
of users" as you said in your original message?

These semantics aside, my original point stands - there is no reason at all
a sysadmin would ever need to know the passwords of his users.


This archive was generated by hypermail 2b30 : 12/07/00 PST