Alan Post writes:
> 
> The scheme I am proposing requires root priveleges to change any
> user's uid or gid, so I'm not sure what you mean here.
> 
> The scheme prevents bugs in passwd(1) from being local root
> compromises (as happened with the format string bug of SA2000-15).
> 
> In my view, the valid criticisms it has received so far are:
> 
>   1)  makes it hard to prevent determined users from choosing bad
>       passwords
>   2)  makes it hard to force users to change passwords periodically
>   3)  makes it possible to set a user's password without knowing the
>       current one (though in the current scheme you could instead
>       trojan their shell init scripts)
>   4)  makes it impossible to make both username->uid and uid->username
>       mappings perform as well as currently (no pwd_mkdb(8))

How does this scheme allow continued use of (e.g.) NIS?  (Ignoring cries
that NIS should just Go Away :) )

Later...

Greg Oster