Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] Making shadow passwords compulsory
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Mon, 29 Sep 2003 09:09:44 +0200
  • Message-id: <20030929090944.D2242@xxxxxxxxx>
* Michael.James@xxxxxxxx wrote on Mon, Sep 29, 2003 at 12:36 +1000:
> Most of my users don't have entries in shadow,
> they depend on pam_krb5 for authentication.

useradd creates them automatically.

> I want for everyone else (system accounts like FTP and regular users)
> to be denied even the possibility of a locally stored password.

I do not understand what you mean. Do you want to deny them (from
what, BTW?) even if they have a valid password?

> THIS passwd just bungs the encrypted string into /etc/passwd! Argh!
> Nobody ever wants to go back to un-shadowed passwords.
> How can I turn off this unwantedly obliging behaviour?

Use as intended :-) To lock an account, try passwd -l username.
Maybe you can configure via PAM what you wish; if you want to
restrict shell access you can configure OpenSSH quite a lot.

Ohh, and finally, feel free to patch passwd or create your own
one, it's not that difficult, but I would not recommend that...

oki,

Steffen

--
Dieses Schreiben wurde maschinell erstellt,
es trägt daher weder Unterschrift noch Siegel.

< Previous Next >
References