Mimsy Were the Borogoves

Mimsy Were the Technocrats: As long as we keep talking about it, it’s technology.

Publicly available passwords

Jerry Stratton, March 14, 2007

One of our departmental accounts was having trouble logging in. When I looked at their LDAP entry, I noticed that their home directory was wrong. In fact, it didn’t look like a home directory at all. It looked like a password—the kind of password that a system administrator might choose.

I went off to find someone who might know more, and ran into two of our system administrators, one of whom was the person who had earlier defended the universal back door.

“Do either of you recognize xxxxxx—”



“We use that password on a lot of our systems; why?”

“The student health center account has that as their home directory. It’s publicly available on our LDAP directory.”


Now, mistakes happen. Something like this is bound to happen at least once in a system administrator’s life. That’s why it’s important to make sure that no one password can unlock everything. Fortunately this system password wasn’t the universal password. It’s been several months now, and the “weekend” backdoor is still there.

In response to I can’t think of any other way to do it: There is no system so insecure that a rushed migration can’t make things worse.

  1. <- Weekend Solutions