
Re: [cobalt-users] Telnet



Jens Kristian Søgaard wrote:

> Well, if they can guess the root password, they can also guess the
> admin password (as it is the same, when using the Cobalt GUI). If they
> got the admin password, they can log in as that user, and run su from
> there.

It's not whether or not they can guess the root password or the admin
password, it's whether or not they can get into the box at all to try to
guess.

Most of us have user names the same as email addresses.

What that means is our user names are published all over the Internet.

Many of our users use simple, easy to guess passwords.

Given a day, I can usually get into almost any system out there as a
user.  Why then put me in a position where I could even hope to get in
as root?

I've always thought that Red Hat only allows members of wheel to su to
root, but I could be mistaken; I've not done that many installations
myself.

IMHO, the only people who should be able to get in as root are people
who really need to, and they should understand, and use, secure
passwords that cannot be easily guessed.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205
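
On Linux-PAM systems, limiting su to members of wheel is done with the pam_wheel module in /etc/pam.d/su. The script below is an added example, not part of the original post: it checks whether that restriction is active and lists who is in wheel. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does su require wheel membership on this host?
# Assumes Linux-PAM; function names are illustrative.

# Exit 0 if an active auth line makes pam_wheel.so mandatory. A line with
# "sufficient ... trust" only lets wheel skip the password; it restricts nothing.
su_wheel_enforced() {
    awk '
        /^[ \t]*#/ { next }    # commented-out lines do not count
        $1 == "auth" && ($2 == "required" || $2 == "requisite") &&
            ($3 == "pam_wheel.so" || $3 ~ /\/pam_wheel\.so$/) { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print supplementary members of wheel from a group(5) file.
# Accounts that have wheel as their primary group are not listed here.
wheel_members() {
    awk -F: '$1 == "wheel" { gsub(/,/, " ", $4); print $4 }' "$1"
}

# su_audit [PAM_FILE] [GROUP_FILE]: one-line verdict for the given files.
su_audit() {
    pam_file=${1:-/etc/pam.d/su}
    group_file=${2:-/etc/group}
    if su_wheel_enforced "$pam_file"; then
        echo "restricted to wheel: $(wheel_members "$group_file")"
    else
        echo "unrestricted"
    fi
}

# Demo on constructed files (not taken from any real host).
demo=$(mktemp -d)
cat > "$demo/su" <<'EOF'
auth       sufficient   pam_rootok.so
#auth      required     pam_wheel.so use_uid
auth       include      system-auth
EOF
printf 'root:x:0:\nwheel:x:10:alice\n' > "$demo/group"
su_audit "$demo/su" "$demo/group"            # pam_wheel line is commented out
sed 's/^#auth/auth/' "$demo/su" > "$demo/su.strict"
su_audit "$demo/su.strict" "$demo/group"     # pam_wheel line is now active
rm -rf "$demo"
```

Run `su_audit` with no arguments to check the live `/etc/pam.d/su` and `/etc/group`.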