Cosmin Nicolaescu on 19 Aug 2005 14:10:25 -0000



Re: [PLUG] Terminal/shell login with no password


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, August 20, 2005 8:29 pm, Eric wrote:
> I need some SysAdmin advice...
>
> I have a Red Hat box that I'm installing some software on and the users expect
> to connect with no password.  I'm okay with that since it's not on the
> network and they are all hard-wired terminals.  First I tried zeroing out the
> password in the neat little gooey (GUI) tool but it won't let me save the
> user that way.  Failing that, I tried to replace the "x" in the password file
> with nothing.  No joy - the login fails without even asking for the password.
>
> Does this mean that I have to tinker with PAM?   Last time I tried that I
> froze myself out of the damn box so bad I had to boot into single user mode
> and un-do my mistake(s).  Since then I've just left it alone :-)
>
> Thanks,
> Eric
> --

Just a quick question on the matter:

how does the software connect? I mean, you're talking about blank
passwords, and have been getting the 'delete the password entries in
/etc/shadow', but that would mean that the users would have no
password...at all...unless you have PermitEmptyPasswords no in
/etc/ssh/sshd_config, anybody will get in your box, if you have a mail
server, then all imap/pop access will be passwordless...

now, if you don't have any remote services, which means that in order to
use that software the users would have to come to the machine locally and
start the software, you might have some better options, but they all
depend on how the software operates:

1. you edit /etc/pam.d/login to not check for password
2. you add a file to /etc/pam.d/ for this software, and bypass the
password authentication (this requires the software to support pam)
3. you add the users to a group and use sudo to give the users in that
group access to the software with NOPASSWD (that would imply that
everybody would run the software as the same user)
4. you have some sort of wrapper script
4. you have some sort of wrapper script

Again, a description of what the software does and knowing how it works
would be needed for the best solution, but all I'm trying to make sure is
that you don't have a system out there on the net with n (where n>0)
passwordless accounts.

- -Cos

- --
GPG key fingerprint = DE9F 4664 E666 2BD1 903E  4F4D EA31 5FB1 C7F9 08C1

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDBejU6jFfscf5CMERAuOWAJ0diDFK/58jZvYsXclXmpCHYPTkGQCglLdj
ncbtjFhd6WZse5Dr/SEoD00=
=rnN8
-----END PGP SIGNATURE-----

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
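
An added example, not part of the original post: a small audit for the exposure the reply warns about, listing accounts with an empty password field and the PermitEmptyPasswords setting sshd would read. The function names and the sample files are constructed for illustration; the parser reads the file top to bottom and does not follow Match or Include, so on a live system compare it with the output of `sshd -T`.

```shell
#!/bin/sh
# Accounts whose password field in a shadow-format file is empty.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# PermitEmptyPasswords from an sshd_config-format file: first occurrence
# wins, default is "no". Commented-out lines do not count.
permit_empty_passwords() {
    awk 'tolower($1) == "permitemptypasswords" { print tolower($2); found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Report findings; return 1 when passwordless accounts are reachable over SSH.
audit() {
    accounts=$(empty_password_accounts "$1")
    setting=$(permit_empty_passwords "$2")
    [ -z "$accounts" ] && { echo "OK: no empty password fields"; return 0; }
    echo "Empty password field:" $accounts
    echo "sshd PermitEmptyPasswords: $setting"
    [ "$setting" = "yes" ] && { echo "EXPOSED: passwordless SSH login possible"; return 1; }
    echo "SSH refuses empty passwords; check mail and other PAM services too"
    return 0
}

# Constructed sample data (not taken from the original post).
sample=$(mktemp -d)
cat > "$sample/shadow" <<'EOF'
root:$1$constructed$hashvalue:13000:0:99999:7:::
term1::13000:0:99999:7:::
term2::13000:0:99999:7:::
daemon:*:13000:0:99999:7:::
EOF
printf '# PermitEmptyPasswords no\nPort 22\n  PermitEmptyPasswords yes\n' > "$sample/sshd_yes"
printf 'Port 22\n' > "$sample/sshd_default"

audit "$sample/shadow" "$sample/sshd_yes" || true
audit "$sample/shadow" "$sample/sshd_default"
```

On a real host the arguments would be /etc/shadow (read as root) and /etc/ssh/sshd_config.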