misc/82823: no problem,
but little addon for /etc/periodic/400.passwdless
Wolfgang Lausenbart
u at netbeisser.de
Thu Jun 30 15:10:03 GMT 2005
>Number: 82823
>Category: misc
>Synopsis: no problem, but little addon for /etc/periodic/400.passwdless
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 30 15:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Wolfgang Lausenbart
>Release: FreeBSD 5.4
>Organization:
netbeisser.de
>Environment:
FreeBSD5.4
>Description:
--- 400.passwdless.backup Wed Jun 29 19:21:24 2005
+++ 400.passwdless Wed Jun 29 19:22:10 2005
@@ -45,4 +45,16 @@
*) rc=0;;
esac
+#exit "$rc"
+
+case "$daily_status_security_passwdless_enable" in
+#this needs to be defined first
+#case "$daily_status_security_pam_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking for weak pam configuration:'
+ grep 'optional' /etc/pam.d/* | grep -v '#' | grep -v README;;
+
+ *) rc=0;;
+esac
+
exit "$rc"
>How-To-Repeat:
Just goto /etc/pam.d/ and replace
"auth required" with "auth optional" a.s.f.
and local users could login without
password. I think it is good style to check
for this.
>Fix:
not critical, but apply if you want.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list