Re: Password less login



On 10 Sep 2006, in the Usenet newsgroup comp.security.unix, in article
<45041871$0$75032$14726298@xxxxxxxxxxxxxxx>, Ayaz Ahmed Khan wrote:

As far as I know, changing the password for such an account does not put
the "x" back in the empty second field for that account in /etc/passwd.

The Shadow utilities replace the passwd utility with a 'shadow-aware'
version. That utility does not alter the /etc/passwd file. The 'x'
would be placed there either manually, or by the adduser/useradd
application (when _adding_ new accounts), or by the passwd conversion
program (pwconv). I haven't tried it, but pwck _might_ fix the problem
as well, or it might only flag the account as not having a password.

Exactly how the "x" might have got removed from the root entry in the
/etc/passwd on your machine, I don't know.

I can't think of a reason either. I wondered what happens if a second
entry for root is created at the end of the passwd file (typical of
appending a line to the end of the file with a redirection), but the
first entry is used, not the second.

But if I ssh to that machine it asks for password. I dont know what
is happening. Did i do something wrong on the machine

By default, the "PermitEmptyPasswords" directive in sshd's config[0]
file is set to "no". It will prevent user accounts with no or empty
passwords from logging in through ssh.

I suspect this also is dependent on the authentication mechanism used by
ssh - it may not be looking at /etc/passwd for _authentication_ of the
remote user.

[O/T] Did you see my reply to your post in comp.os.linux.security, re:
'Pertaining to the "Any reasons to filter ARP packets?"'

Old guy
.



Relevant Pages

  • "Alternate authentication scheme in use" by certain system accounts
    ... One of his remarks was that he believed the games user account (amongst ... Fedora9 and even RH9) I do not get the result I expected from passwd -S: ... Other accounts like mail also return this state whereas accounts like ... The appears to apply to all user accounts of the setup package. ...
    (RedHat)
  • Re: Password Problem in RH Linux ES
    ... passwd someone ... What if I'm smart enough to require a password for single user mode? ... Users should know that they are not allowed to change accounts. ... People who are not sysadmins should generally not have root. ...
    (comp.os.linux.security)
  • Re: How can I rescue my passwd file after corrupting it (and why does it still work) ?
    ... pwd_mkdb: corrupted entry ... passwd and master.passwd have a lot of lines missing, and one or two mangled lines toward the end. ... So a LOT of user accounts are gone. ... all of those missing accounts still work. ...
    (freebsd-questions)
  • Re: user administration
    ... >We simply use passwd, but I'm searching for more advanced concepts. ... >have some ServiceGuard clusters and have to do the same work on many ... we used NIS+ to manage user accounts on ... One thing to be aware of is that NIS+ only became available on HP-UX ...
    (comp.sys.hp.hpux)
  • ! bad user in /var/cron/log
    ... Googling around, I've seen this mentioned with *LK* accounts, but this is ... the password for the user ldap has been set before the issue appeared. ... $ grep passwd /etc/nsswitch.conf ... If you are not the intended recipient be aware that any ...
    (SunManagers)