Here's my question....  why does it matter what the default configuration 
of any OS is?  If you are going to claim to be a sysadmin, then for 
pete's sake, you have to know that OSs have holes in ANY default 
configuration.  A good admin never goes on faith that the OS of choice is 
secure out of the box, since this is never true, other than for /maybe/ 
VMS or VM/CMS.  But they don't really qualify anyhow. :)  IRIX is 
probably insecure b/c the company itself has a huge firewall behind which 
it hides and they design their systems with that sort of configuration in 
mind.  Also, it makes certain things easier when you first set up the 
machine.  For example, on the headless servers such as the Challenge S, 
what if for some reason you haven't got a serial console attached?  You 
can telnet in as root and add users etc....  there are good reasons for 
default configurations being 'open'.

-- 
| Dave Mays                      | dmays@fi.edu                 |
| Information Systems Specialist | http://www.fi.edu            |
| The Franklin Institute         | http://www.sln.org           |
| Philadelphia, PA               |                              |