John Pershing (PERSHNG@ibm.com)
9 September 1987, 09:46:41 EDT
I don't understand why one should trust "subverted local software" to
handle your *current* password, yet not trust it to set a *new* password.
(Note that the current password has to be provided before the new one can
The scheme the Chris Markle proposes for setting new passwords makes
perfect sense to someone who is familiar with the normal IBM access
control procedures. (Actually, the *original* scheme makes *more* sense,
except that the perpetrators of FTP don't seem to understand the
necessity of periodic password changes.) However, the GROUP() parameter
on the PASS command seems a bit strange -- wouldn't it "look better" on
the USER command, without echo-suppression?
John A. Pershing Jr.
IBM T. J. Watson Research Center
Yorktown Heights, NY 10598
This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:39:15 GMT