LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 02-14-2008, 01:24 PM   #1
spitofire
LQ Newbie
 
Registered: Jan 2005
Posts: 5

Rep: Reputation: 0
Login issue, local passthrough, remote is secure


I discovered this accidentally, and I don't understand why this is happening:
- when I login locally (i.e. standard tty, no gdm/xdm), I can just hit ENTER, no password, and the system grants access, be it my user or root account (!)
- when I login remotely (FTP, ssh from another machine), the right password is hopefully required, as well with "su" (locally).

I'm running a Slackware 12, 2.6.22.6, Dropline GNOME has been installed, no fancy stuff otherwise.

Any idea why my system shows these symptoms ?

(it would be nice if I could avoid a re-install)
 
Old 02-14-2008, 02:05 PM   #2
raconteur
Member
 
Registered: Dec 2007
Location: Slightly left of center
Distribution: slackware
Posts: 276
Blog Entries: 2

Rep: Reputation: 44
Have you modified your /etc/inittab or /etc/login.defs files?

I'm not familiar with Dropline Gnome so I'm not sure how this might affect logins.

It is quite odd that the root user can log in without a password... even if login.defs is modified to allow no-password logins, the /bin/login program explicitly overrides that for root login. The only way I can see that it could occur is if inittab is using something other than agetty and /bin/login for logging in to the console.

This does, of course, assume the obvious -- that you have actually set a password for root
I'd try explicitly setting a password on the command line after logging in locally to see if the problem persists.

Last edited by raconteur; 02-14-2008 at 02:07 PM.
 
Old 02-14-2008, 02:53 PM   #3
spitofire
LQ Newbie
 
Registered: Jan 2005
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by raconteur View Post
Have you modified your /etc/inittab or /etc/login.defs files?
No, except I switched to an init 4 for a while and back to 3.

Quote:
Originally Posted by raconteur View Post
I'm not familiar with Dropline Gnome so I'm not sure how this might affect logins.
At least your answer had me do a little more research, and I've found something about a Dropline "*Critical Update* - 2007-12-26" regarding PAM and a "local authentication exploit" ...

Quote:
Originally Posted by raconteur View Post
It is quite odd that the root user can log in without a password... even if login.defs is modified to allow no-password logins, the /bin/login program explicitly overrides that for root login. The only way I can see that it could occur is if inittab is using something other than agetty and /bin/login for logging in to the console.

This does, of course, assume the obvious -- that you have actually set a password for root
I'd try explicitly setting a password on the command line after logging in locally to see if the problem persists.
I have a root password :-)

Password change has no effect.

I'll see to update my Dropline distribution, and if it's indeed the source of my problems, then I'll accept Patrick's opinion of PAM, forever ...

EDIT: a Dropline/PAM configuration problem, indeed. I missed a critical update ... pam-0.99.9.0-i686-2dl fixes the issue. Otherwise, check manually the /etc/pam.d/system-auth for the line beginning with "auth" and replace "sufficient" with "required" ! (when I thought Dropline had stopped being intrusive !)

Last edited by spitofire; 02-14-2008 at 03:17 PM. Reason: Issue solved
 
Old 02-15-2008, 02:30 AM   #4
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
That update was issued a ludicrously long time ago, man. You have fun trying to go months without updating your system.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Local Login Issue ratul_11 Linux - Security 8 04-12-2010 06:00 PM
remote login screen but need local login lastkey Ubuntu 0 12-13-2006 02:41 AM
remote x login instead of local login mandrake-n00b Mandriva 0 04-22-2005 10:19 PM
advice about secure remote login kermit Linux - General 3 08-04-2002 02:02 PM
Local and Remote X login lancest Linux - Networking 0 06-28-2002 06:01 PM


All times are GMT -5. The time now is 09:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration