> I honestly can't believe that this is even up for debate! <grin> > > It's just bizarre.
It's not. Nothing stops one from putting the extra layer of security in place, it's just a user-level change, just like it is in Unix to go from single-user to multi-user mode. The fact that no-one has yet found it necessary or worthwhile speaks volumes. If you think it's worth it, then you need to put your money where your mouth is. As for me, I have way too much trouble understanding a hybrid of MIPS and PC architecture to worry about securing equipment no one really seems to want to break into. You are forgetting that the cost of security must be commensurate with the risk. When Plan 9 is popular enough for random visitors to desire to crack it, then the extra security will be worth the extra effort. Until then, we can all save ourselves the bother, including trying to remember different passwords for different hosts. Am I remembering wrong that 2nd Edition had password control on CPU servers? I missed it briefly, then forgot about it. Oh, yes, the change arose from the new security infrastructure, Bell Labs did not have the resources to port it so they abandoned it. I adapted the old password check for something else, but what with NVRAM's failings and the effort involved, I never tried to get the CPU server to have a secured console. ++L PS: Off the cuff, I'd say that adding auth/as to init(8) on a CPU server would be almost all that's needed, just like in Unix. So this discussion has been quite unnecessary.
