Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Making shadow passwords compulsory
  • From: Michael.James@xxxxxxxx
  • Date: Mon, 29 Sep 2003 12:36:21 +1000
  • Message-id: <200309291236.21270.Michael.James@xxxxxxxx>
Suse's "passwd" utility has a bit of undesired behaviour.

Most of my users don't have entries in shadow,
they depend on pam_krb5 for authentication.

So /etc/shadow is very short,
it only has lines for root and a few sysadmins.

I want for everyone else (system accounts like FTP and regular users)
to be denied even the possibility of a locally stored password.

Now in the past (under solaris) passwd would grumble and fail
unless that username already had a line present in shadow.

THIS passwd just bungs the encrypted string into /etc/passwd! Argh!
Nobody ever wants to go back to un-shadowed passwords.
How can I turn off this unwantedly obliging behaviour?

TIA,
michaelj


--
Michael James michael.james@xxxxxxxx
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166

< Previous Next >