addition to the host name. This option is needed by programs suchs as
telnetd, because at the point they invoke login, they already have opened
a pty, and the stdin of login is no longer the socket connected to the
remote host. In addition don't chop the hostname up to the first dot if
the domain matches. These practices are 70's fashion and they only serve
to lose information. These days we have long enough fields in utmpx and
wtmpx to store the full names.
* Change the semantics of the `-s' option somewhat. If specified, allow
either Kerberos or S/Key login, but not a plain password.
* Eliminate the special `s/key' password; just type it at the prompt.
* Remove the root instance special case. This is a serious security hole
waiting to happen, and no other system works this way.
* Don't force a password change if Kerberos was used. Also, don't call
/bin/passwd at all if the password change isn't required.
* if the user has an s/key, provide a reminder in the password prompt
* if '-s' is given once, force a user that has an s/key to use it
* if '-s' is given more than once, only permit s/key logins
wiz