From owner-freebsd-questions@FreeBSD.ORG Thu Dec 18 03:39:46 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A99116A4CE for ; Thu, 18 Dec 2003 03:39:46 -0800 (PST) Received: from tequila.4you.lt (tequila.4you.lt [212.122.68.216]) by mx1.FreeBSD.org (Postfix) with SMTP id 159CA43D1D for ; Thu, 18 Dec 2003 03:39:41 -0800 (PST) (envelope-from hugle@vkt.lt) Received: (qmail 63748 invoked by uid 0); 18 Dec 2003 11:36:09 -0000 Received: from hugle@vkt.lt by tequila by uid 82 with qmail-scanner-1.20rc1 (. Clear:RC:1:. Processed in 0.388227 secs); 18 Dec 2003 11:36:09 -0000 Received: from unknown (HELO 127.0.0.1) (213.252.192.162) by tequila.4you.lt with SMTP; 18 Dec 2003 11:36:08 -0000 Date: Thu, 18 Dec 2003 03:39:18 -0800 From: hugle X-Mailer: The Bat! (v2.01) X-Priority: 3 (Normal) Message-ID: <7071603920.20031218033918@vkt.lt> To: freebsd-questions@freebsd.org In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: master.passwd -- securing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: hugle List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2003 11:39:46 -0000 RJ> Ive been playing with "vipw" trying to change passwords into "*" for a RJ> slightly higher level of security but ran into some very big problems. From RJ> reading through the FreeBSD handbook it seemed all i had to do was replace RJ> the encrypted password with *, which is what i did. I thought it seemed a RJ> bit odd but continued anyway. Foolishly (although i was quite tired) i did RJ> this to both my user account and root. So they both had * as their password RJ> and looked the same as every other entry in the file. I saved it and "vipw" RJ> updated the database so i thought all was well and logged off to check... RJ> big mistake! The net result of this was not good, i couldnt access my user RJ> account or root :( Anyway i had to cut the power to my PC since i couldnt RJ> shut it down because i was locked out. After that i went into single user RJ> mode and changed the passwords back and its working now but i cant hide the RJ> passwords. So i guess after all this rambling my question is how to i secure RJ> the password file? How do i change from the encrypted password to * without RJ> screwing over my system? Any help would by much appreciated try doing that: #Forget your root pw? 1. Reboot. when you see the "boot" prompt, type boot -s and hit enter 2. run this command: fsck -p / && mount -u / 3. use the `passwd` command to set a password for root 4. reboot, done hope that helps..