Re: Password less login



On 10 Sep 2006, in the Usenet newsgroup comp.security.unix, in article
<45041871$0$75032$14726298@xxxxxxxxxxxxxxx>, Ayaz Ahmed Khan wrote:

As far as I know, changing the password for such an account does not put
the "x" back in the empty second field for that account in /etc/passwd.

The Shadow utilities replace the passwd utility with a 'shadow-aware'
version. That utility does not alter the /etc/passwd file. The 'x'
would be placed there either manually, or by the adduser/useradd
application (when _adding_ new accounts), or by the passwd conversion
program (pwconv). I haven't tried it, but pwck _might_ fix the problem
as well, or it might only flag the account as not having a password.

Exactly how the "x" might have got removed from the root entry in the
/etc/passwd on your machine, I don't know.

I can't think of a reason either. I wondered what happens if a second
entry for root is created at the end of the passwd file (typical of
appending a line to the end of the file with a redirection), but the
first entry is used, not the second.

But if I ssh to that machine it asks for password. I dont know what
is happening. Did i do something wrong on the machine

By default, the "PermitEmptyPasswords" directive in sshd's config[0]
file is set to "no". It will prevent user accounts with no or empty
passwords from logging in through ssh.

I suspect this also is dependent on the authentication mechanism used by
ssh - it may not be looking at /etc/passwd for _authentication_ of the
remote user.

[O/T] Did you see my reply to your post in comp.os.linux.security, re:
'Pertaining to the "Any reasons to filter ARP packets?"'

Old guy
.