[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: null password account NEEDED!




On 23/03/00, at 2:57 PM, kenneth topp wrote:

>To be clear... That the second field (delimited by ":") are "x" and
>"" in /etc/passwd and /etc/shadow.

Yes, that is precisely what I have. an x in the password field of the
passwd file and an empty password field in the shadow file. But
it still refuses to let users in. I tried stuff that people sent me, and
I modified my etc/pam.d/other file also.

Now I tried to login and it seems to let me by, but I get the message:
"You are required to change your password immediately
 New UNIX password: "

This is an improvement but still not perfect :)

>If this isn't it, please send us your complete /etc/pam.d/login and
>bbs lines for /etc/passwd and /etc/shadow.

[grimm@chiba grimm]$ cat /etc/pam.d/login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_console.so
[grimm@chiba grimm]$

#passwd
waffle:x:506:501:waffle:/home/waffle:/bin/bash

#shadow
waffle::0:99999:7:-1:-1:134549612



>kenneth
>
>On Thu, 23 Mar 2000, kenneth topp wrote:
>>
>> can you verify that the entry in /etc/passwd has "x" for the second
>> field, and in /etc/shadow has nothing?
>>
>> As root:
>>
>> cat /etc/shadow /etc/passwd | awk -F: ' /^bbs:/ { print "["$2"]" }'
>>
>> should return:
>>
>> []
>> [x]
>>
>>
>> don't rush editing those files... (make a backup) ;)
>>
>> kenneth
>>
>> On Thu, 23 Mar 2000, FCO Enr. wrote:
>>
>> > greetings!
>> >
>> > 	I am so glad to have gotten such quick feedback! Although
>> > by default PAM is installed in the Redhat 6.1 dist and all the options
>> > you quoted below were set properly. The problem is, that still
>> > doesn't enable a user to log on without a password!
>> >
>> > 	I am hoping someone has tried this before and can vouch
>> > for the fact that by default PAM I guess was designed NOT to let
>> > stuff like that happen. The problem is I need to make it happen,
>> > and quick too!
>> >
>> > 	I appreciate your help very much!
>> >
>> > 	Andy
>> > 	fco@total.net
>> >
>> > >> 	I absolutely need to find a way to either make pam
>> > >> let users of the bbs account in without a password or a way
>> > >> to remove pam from my machine without messing up all the
>> > >> modules it seems to be attached to.
>> > >
>> > >on any pam versio i have seen since, there is a "nullok" option for
>> > >pam_pwdb.so
>> > >
>> > >on my RH6.1 system there IS a nullok option for login too
>> > >
>> > >[root@localhost pam.d]# cat login
>> > >#%PAM-1.0
>> > >auth       required     /lib/security/pam_securetty.so
>> > >auth       required     /lib/security/pam_pwdb.so shadow nullok
>> > >auth       required     /lib/security/pam_nologin.so
>> >
>> >
>>
>>
>
>--
>To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []