Subject: Re: toor
To: Steven M. Bellovin <smb@research.att.com>
From: Aaron J. Grier <agrier@poofygoof.com>
List: netbsd-users
Date: 07/23/2002 10:03:02
On Tue, Jul 23, 2002 at 05:49:20AM -0400, Steven M. Bellovin wrote:
> In message <20020722231901.M278@goldberry.poofy.goof.com>, "Aaron J. Grier" writes:
> >out of the box we generate security warnings...
> >
> >why do we bother shipping with a disabled toor account at all?
> >
> 
> It lets you log in -- assuming you've set a password -- if csh is
> damaged or deleted.

right, but in that case shouldn't sysinst ask to set a password for
toor, or at least mention it during installation?

-- 
  Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com