Scott Smith writes:
>> # cat /home/ext/.adduserrc
>> Shell=/bin/ksh
>> Group=ext
>> uid=9000
>> Passwd=11tRy17gmFhBI
>> PW_AGE=immediate
>> list=yes
>> 

>I like this idea, but don't like the idea of having a default password for all 
>accounts.  I suppose it's OK when having to add over ten users at a time, but

If you set the default passwd to '**' (the default), it will prompt you
to change the passwd after it has been added.  If your machine has crypt
or perl available, you can give it a plain text passwd which it will 
encrypt and use that as the default.  Its your choice how secure you want 
to be.

>And my next problem with this is the fact that the default password is stored
>in a file on the filesystem.  There have been enough problems with being able
>to read files without permission to prevent me to ever consider such a thing.

I agree, see above.

>it.  Yes, it's encrypted, but we all know what Crack is.  And default
>passwords usually aren't the most secure in the first place.

Agreed, see above, and yes I run Crack with any "default" passwds added to the 
dictionary so any accounts thus created that are not used promptly
get locked - as do idle accounts and those with weak passwds.

BTW as of 1.3, NetBSD's login has my force immediate passwd change hack,
so adduser.sh will work as advertised :-)

>> adds the user (and if /home/ext/default exists, its content would have been
>> replicated into the new dir) and sets the passwd to expire immediately.

>That's what /etc/skel, /usr/share/skel, et al are for.  :)

All of which are OS specific and as I mentioned I use this tool in
heterogeneous (unix) environments.   I add far more users to SunOS and
Solaris boxes than I do NetBSD...

--sjg