Hello, apparently yppasswd in the nis package wasn't compiled with
-DUSE_OBVIOUS to check for weak passwords. I found out that more than 20% of the user passwords in a Debian net I was managing were _very_ weak (eg login name). Not a very comfortable figure (even if one's using shadow passwords). I was inclined to install npasswd (or even a modified yppasswd) in /usr/local/bin. However, the server, yppasswdd, doesn't require that its clients talk to it from privileged ports (so yppasswd doesn't need to be suid root and I can't enforce my password policy). I think it would be nice if Debian addressed this (potential) security problem in an out-of-the-box configuration... IMHO, it already beats all commercial Unixes I know. Thanks, -- Adriano -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
