Date: Wed, 30 Dec 2009 08:09:14 -0600 (CST) From: Lars Eighner <luvbeastie@larseighner.com> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: Anton Shterenlikht <mexas@bristol.ac.uk>, freebsd-questions@freebsd.org Subject: Re: does toor have passwd or not? According to logins -p: yes Message-ID: <20091230080857.L54092@qroenaqrq.6qbyyneqvnyhc.pbz> In-Reply-To: <4B3B53B5.7040601@infracaninophile.co.uk> References: <20091230123341.GC36440@mech-cluster241.men.bris.ac.uk> <4B3B53B5.7040601@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Dec 2009, Matthew Seaman wrote: > Anton Shterenlikht wrote: >> I was checking for passwordless accounts with 'logins -p'. >> None was found. However, I understand toor doesn't have >> passwd by default, and I never touched it, so I expected >> logins -p to show toor, but it didn't. >> >> Just to check I also tried to su toor with root passwd - no access. >> Please can somebody clarify if toor does indeed have >> passwd. > > If there's nothing in the second field, then you have a problem, as that > means the account has a NULL password (ie. just hit return when prompted > for a password -- I've been wrong before, but I think you do not get a password prompt at all, at least not on login. You enter the login: name and you are off to motd and a command prompt. > this is what 'logins -p' detects). That may or may not > actually work to get into the toor account depending on how you're trying > to authenticate and on various other security settings eg. in /etc/pam.d, > but even so it is something that should be fixed pronto. Use vipw(8) to > edit master.passwd and insert a * -- vipw will regenerate /etc/passwd and > pwd.db automatically for you. -- Lars Eighner http://www.larseighner.com/index.html 8800 N IH35 APT 1191 AUSTIN TX 78753-5266
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091230080857.L54092>