User without a password?
Hello,
I have just finished installing the -current branch of Slackware64 in my PC. It was not an update, I formatted the disk and did a clean install. I wanted to create my users and I realised that now you need to set an non-empty password for yours users. I used to have my login with an empty password (just push enter when I was asked for my password) and I would like to keep it in that way. I suppose it is related with the change to PAM. Is there any way to change the configuration and allows empty passwords for users? Thanks! |
Quote:
Code:
/etc/pam.d/system-auth:auth sufficient pam_unix.so likeauth nullok The "nullok" parameter allows for a login with an empty password, but there are some caveats as to what is an "empty password". Having "nullok" works only if the password field in the /etc/shadow file (that is the second colon-separated field) is empty. What usually happens instead is that the password field in /etc/shadow contains either '!!' or '*' to indicate that the account is locked. This would then be replaced with a hashed password, when root sets a password for the user. The password field will only be actually empty only when root removes the password: Code:
passwd -d <user> |
Yes, indeed that was the problem. I tried a couple of options in the lines you pointed out, but the result was always the same, the user remains locked.
So I took the quick solution: Code:
passwd -d <user> Thanks! |
Quote:
|
Quote:
|
Quote:
Now with the PAM-ification it wouldn't let you provide an empty password (pressing Enter repeatedly) and you have to either enter one or just kill it: Quote:
|
Unless the adduser script has changed in -current, this looks to be an issue with passwd directly since the script just calls passwd and if it doesn't complete the process properly (an exit code other than 0), then it is supposed to exit the adduser script after displaying a warning.
Code:
# Set a password I suppose it is possible for the script to ask if a user is expected to have a blank passwd and then either issue passwd -d on that user or exit and let root do it themselves after. If they answer that the user is expected to have the passwd, then they could run passwd normally. There doesn't seem to be a way to allow scripting of changing the passwd (unless -current's passwd binary is different than 14.2's). |
The output is from a recently updated (today) Slackware ARM -current. And my proposal (question) was to fix the adduser script, make it behave like before the PAM-ification. In this PAM context now, just use a condition to catch if the user is pressing Enter multiple times at the Password question and don't call & pass anything to passwd yet, but use "passwd -d <user>" in this case.
Slackware 14.2 - "unPAM-ified" classic behavior of the adduser script. Code:
Enter the new password (minimum of 5 characters) |
I forgot that Pat changed adduser about a year back. When he did, he introduced the possibility of an infinite loop for chfn and passwd in the adduser script. I had suggested an alternative, but it was never taken (maybe missed or felt it wasn't necessary at the time).
Code:
# Set the finger information |
Well, thing is, modifying adduser is less invasive (and cleaner) than goofing around with the upstream passwd and the whole PAM orchestration.
|
Quote:
I suppose there could also be an option added to allow someone to delete the "password" if passwd isn't ran successfully. |
Just had a closer look at the updated (-current) adduser script and learned that it actually calls passwd directly and that passwd doesn't have a non-interactive mode anymore. Thus, no way to read user input and stop if it presses enter, at least not with passwd. chpasswd could be an option.
https://stackoverflow.com/questions/...a-shell-script Well, forget it! :) |
All times are GMT -5. The time now is 01:22 AM. |