*BSD News Article 60522


Return to BSD News archive

#! rnews 1490 bsd
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.bhp.com.au!mel.dit.csiro.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.eng.convex.com!hermes.oc.com!news.unt.edu!cs.utexas.edu!howland.reston.ans.net!gatech!newsfeed.internetmci.com!chi-news.cic.net!mr.net!winternet.com!visi.com!usenet
From: "Bigfoot (Guy Gustavson)" <bigfoot@visi.com>
Newsgroups: comp.unix.bsd.freebsd.misc,comp.unix.admin
Subject: Re: Password security
Date: Thu, 25 Jan 1996 10:19:23 -0600
Organization: Vector Internet Services, Inc.
Lines: 13
Message-ID: <3107AD8B.7FDE@visi.com>
References: <4e69sl$6ci@complete.org>
NNTP-Posting-Host: bigfoot.visi.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.0b5 (Win95; I)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:13145 comp.unix.admin:37869

John Goerzen wrote:

> Secondly, using Kerberos.  I have detected what appears to be a flaw with
> the su program, although it could just be configuration error on my part.
> When somebody issues a su command to su to root, su will prompt them for a
> password.  They can enter anything they want the first time.  It will prompt
> for password again, and this time, if they enter root's login password, they
> will be su'd to root.

This is what it's supposed to do. Or are you saying that it prompted you more than
once for the password on the same 'SU'?

"It's not my god damned planet, understand monkey boy! - B. Bonzai"