does toor have passwd or not? According to logins -p: yes
Lars Eighner
luvbeastie at larseighner.com
Wed Dec 30 14:19:57 UTC 2009
On Wed, 30 Dec 2009, Matthew Seaman wrote:
> Anton Shterenlikht wrote:
>> I was checking for passwordless accounts with 'logins -p'.
>> None was found. However, I understand toor doesn't have
>> passwd by default, and I never touched it, so I expected
>> logins -p to show toor, but it didn't.
>>
>> Just to check I also tried to su toor with root passwd - no access.
>> Please can somebody clarify if toor does indeed have
>> passwd.
>
> If there's nothing in the second field, then you have a problem, as that
> means the account has a NULL password (ie. just hit return when prompted
> for a password --
I've been wrong before, but I think you do not get a password prompt at all,
at least not on login. You enter the login: name and you are off to motd
and a command prompt.
> this is what 'logins -p' detects). That may or may not
> actually work to get into the toor account depending on how you're trying
> to authenticate and on various other security settings eg. in /etc/pam.d,
> but even so it is something that should be fixed pronto. Use vipw(8) to
> edit master.passwd and insert a * -- vipw will regenerate /etc/passwd and
> pwd.db automatically for you.
--
Lars Eighner
http://www.larseighner.com/index.html
8800 N IH35 APT 1191 AUSTIN TX 78753-5266
More information about the freebsd-questions
mailing list