From mboxrd@z Thu Jan 1 00:00:00 1970 From: Enrique Soriano Salvador To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu> Content-Type: text/plain Message-Id: <1090588496.13043.40.camel@ronin.dat.escet.urjc.es> Mime-Version: 1.0 Date: Fri, 23 Jul 2004 15:14:56 +0200 Content-Transfer-Encoding: 7bit Subject: [9fans] plain passwords and keyfs Topicbox-Message-UUID: c54695b0-eacd-11e9-9e20-41e7f4b1d025 Why does keyfs serve the users password in plain text on the file /mnt/keys/user/secret ? I know that the man in front of the cpu/auth server is the only one that can see the users passwords... but it can be dangerous for users that have the same password for different systems (unix, win, plan9 ...) { I am changing my Unix passwords in this very moment, so nemo and gorka can now see my password-for-all in plain text!!! :) } As far as I know, in other systems (i.e. unix) the admin cannot see the users passwords (of course, he can try to crack the /etc/shadow file or to make other malicious acts) I am sure that there is a design related explanation for that... Thanks! Q.