does toor have passwd or not? According to logins -p: yes

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Dec 30 13:21:16 UTC 2009 

Anton Shterenlikht wrote:
> I was checking for passwordless accounts with 'logins -p'.
> None was found. However, I understand toor doesn't have
> passwd by default, and I never touched it, so I expected
> logins -p to show toor, but it didn't.
> 
> Just to check I also tried to su toor with root passwd - no access. 
> 
> Please can somebody clarify if toor does indeed have
> passwd.

By default, the account is locked.  Look at /etc/master.passwd -- the toor
entry probably looks like this:

toor:*:0:0::0:0:Bourne-again Superuser:/root:

That '*' in the second field means there's simply no possibility of login
using a password. In this case, everything is fine.

If it's a string of dollar signs and alphanumerics like this:

$1$salt$qJH7.N4xYta3aEG/dfqo/0

then the account does have a real password.  This is probably OK, if you want
to be able to log in as toor directly. [Before anyone gets excited and
tries to break into any of my machines, no that isn't a real crypted password
from my master.passwd file.  It's created like this:

   % perl -le 'print crypt("password", "\$1\$salt\$")'

]

If there's nothing in the second field, then you have a problem, as that means
the account has a NULL password (ie. just hit return when prompted for a password
-- this is what 'logins -p' detects). That may or may not actually work to get
into the toor account depending on how you're trying to authenticate and on various other security settings eg. in /etc/pam.d, but even so it is something that should
be fixed pronto.  Use vipw(8) to edit master.passwd and insert a * -- vipw will 
regenerate /etc/passwd and pwd.db automatically for you.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20091230/05931cd7/signature.pgp

More information about the freebsd-questions mailing list