Blank password works for root
Bevan C. Bennett
bevan at fulcrummicro.com
Fri Jan 9 22:17:27 UTC 2004
Bill Beeman wrote:
>
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_smb_auth.so
> use_first_pass nolocal
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3
> type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok
> use_authtok shadow
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
>
> and the (obfuscated) root entry from /etc/shadow:
> root:xxxxxxxxxxx:12426:0:99999:7:::
>
> Hope this helps..
Yeah! Now we're getting somewhere...
Here's some things to try:
* Make double sure that root's /etc/passwd entry has '*' for the
password field.
* try resetting root's password by running 'passwd' and re-entering it.
* find out where pam_smb_auth comes from, with perhaps
"rpm -qf /lib/security/pam_smb_auth.so". I don't see that module in the
Fedora Core samba RPMs...
samba-3.0.0-15 has /lib/security/pam_smbpass.so
samba-common-3.0.0-15 has /lib/security/pam_winbind.so
* What changes if you remove the pam_smb_auth line? Do you still have
null access? Do you still have access using the password?
More information about the fedora-list
mailing list