master.passwd -- securing
Sergey 'DoubleF' Zaharchenko
doublef at tele-kom.ru
Thu Dec 18 06:26:28 PST 2003
On Thu, 18 Dec 2003 11:44:14 +0000
"Rhys John" <elite_bizkit at hotmail.com> probably wrote:
> Both accounts are now active but I would like to remove the encrypted
> password from master.passwd and replace it with a *. Is this possible with
> "vipw"?
>
It doesn't matter what you use for editing your password files (at least
for this point).
If you have a `*' in your master.passwd, that means that direct console
logins for that user are disabled. If you are so much embarrassed about
root having a password, you may use sudo (from ports) and allow a
certain user to "sudo sh" to gain root privileges, for instance. He (you
as a user) will then have to enter his own password, not root's. This
way, you exchange a cracker's job of cracking your root password for a
job of cracking your user password, so it's not much more secure:).
> Thanks for your reply hugle
>
> >From: hugle <hugle at vkt.lt>
> >Reply-To: hugle <hugle at vkt.lt>
> >To: freebsd-questions at freebsd.org
> >Subject: Re: master.passwd -- securing
> >Date: Thu, 18 Dec 2003 03:39:18 -0800
> >
> >RJ> I've been playing with "vipw" trying to change passwords into "*" for a
> >RJ> slightly higher level of security but ran into some very big problems.
> >RJ> From reading through the FreeBSD handbook it seemed all I had to do was replace
> >RJ> the encrypted password with *, which is what I did. I thought it seemed
> >RJ> a bit odd but continued anyway. Foolishly (although I was quite tired) I did
> >RJ> this to both my user account and root. So they both had * as their password
> >RJ> and looked the same as every other entry in the file. I saved it and "vipw"
> >RJ> updated the database so I thought all was well and logged off to check...
> >RJ> big mistake! The net result of this was not good, I couldn't access my user
> >RJ> account or root :( Anyway I had to cut the power to my PC since I couldn't
> >RJ> shut it down because I was locked out. After that I went into single user
> >RJ> mode and changed the passwords back and it's working now but I can't hide the
> >RJ> passwords. So I guess after all this rambling my question is how do I secure
> >RJ> the password file? How do I change from the encrypted password to * without
> >RJ> screwing over my system? Any help would be much appreciated
> >try doing that:
> >#Forget your root pw?
> >1. Reboot. when you see the "boot" prompt, type boot -s and hit enter
> >2. run this command: fsck -p / && mount -u /
> >3. use the `passwd` command to set a password for root
> >4. reboot, done
> >
> >hope that helps..
> >
> >
> >_______________________________________________
> >freebsd-questions at freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to
> >"freebsd-questions-unsubscribe at freebsd.org"
>
--
DoubleF
Violence is the last refuge of the incompetent.
-- Salvor Hardin
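
An added example, not part of the original post or of FreeBSD itself: a small sh/awk check that classifies the password field of each master.passwd-format line and reports the lockout state described in this thread, where every account is set to `*`. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit password fields in a master.passwd-format file.
# Fields per passwd(5): name:password:uid:gid:class:change:expire:gecos:home:shell

# Print "name uid=N STATE" for each entry.
classify_passwd() {
    awk -F: '
        /^#/ || NF != 10 { next }                  # skip comments, malformed lines
        {
            if ($2 == "")        state = "EMPTY"     # no password required
            else if ($2 ~ /^\*/) state = "DISABLED"  # no hash can ever match
            else                 state = "HASH"      # normal crypt(3) hash
            printf "%s uid=%s %s\n", $1, $3, state
        }' "$1"
}

# Print LOCKOUT when no account has both a usable hash and a login shell,
# which is the state the original poster ended up in.
lockout_check() {
    awk -F: '
        /^#/ || NF != 10 { next }
        $2 != "" && $2 !~ /^\*/ && $10 !~ /nologin$/ { usable++ }
        END { if (usable > 0) print "OK"; else print "LOCKOUT" }
    ' "$1"
}

# Constructed sample (not real hashes): root and the user both set to "*".
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
rhys:*:1001:1001::0:0:Rhys John:/home/rhys:/bin/sh
EOF
classify_passwd "$sample"
lockout_check "$sample"
rm -f "$sample"
```
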