[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Users Password



In view of this strange discussion about ways of cracking
passwords, I have another suggestion to the guy who needs
to change authentication schemes:

Have a transition period in which both authentication schemes
run in parallel (is it possible technically?).

Announce that users have to renew their accounts.  Each day
"renew" the accounts of 10 users, until all user accounts have
been "renewed".

The "renewing" procedure shall consist of deleting the user
from the old authentication scheme and registering him with
the new authentication scheme, with a brand new password.
Maybe it is possible to develop a script, which sends to a
server (running under root) requests to "renew" an user's
account and the server will "renew" the account without
human intervention?

I think that it'll be easier to handle gradual phasing over
of users rather than calling 1000 users in the same
day.
                                                            --- Omer
WARNING:  by sending me unsolicited commercial E-mail
(known also as "spam"), you irrevocably agree to pay me,
per unsolicited commercial E-mail message, US$500.- plus
any legal fees incurred by me while trying to collect this amount
of money - for the service of my receiving your unsolicited
commercial E-mail.


> > On Sun, 30 Aug 1998, Ben - Nes Michael wrote:
> >
> > > Because i switch to other authentication system I need to get back
> all
> > > my users encrypted password form the passwd file (im talking on
> thousand
> > > + - ).
> > > If ill have to call each one of them ill probably die :-(