SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have just finished installing the -current branch of Slackware64 in my PC. It was not an update, I formatted the disk and did a clean install.
I wanted to create my users and I realised that now you need to set an non-empty password for yours users.
I used to have my login with an empty password (just push enter when I was asked for my password) and I would like to keep it in that way. I suppose it is related with the change to PAM. Is there any way to change the configuration and allows empty passwords for users?
I have just finished installing the -current branch of Slackware64 in my PC. It was not an update, I formatted the disk and did a clean install.
I wanted to create my users and I realised that now you need to set an non-empty password for yours users.
I used to have my login with an empty password (just push enter when I was asked for my password) and I would like to keep it in that way. I suppose it is related with the change to PAM. Is there any way to change the configuration and allows empty passwords for users?
Thanks!
The system-auth module in Slackware's PAM has these two lines, for password validation and for authentication
And the explanation comes from another source (at Redhat):
The "nullok" parameter allows for a login with an empty password, but there are some caveats as to what is an "empty password".
Having "nullok" works only if the password field in the /etc/shadow file (that is the second colon-separated field) is empty.
What usually happens instead is that the password field in /etc/shadow contains either '!!' or '*' to indicate that the account is locked. This would then be replaced with a hashed password, when root sets a password for the user.
The password field will only be actually empty only when root removes the password:
Code:
passwd -d <user>
or when root unlocks an account that has no password.
Yes, indeed that was the problem. I tried a couple of options in the lines you pointed out, but the result was always the same, the user remains locked.
The password field will only be actually empty only when root removes the password:
Code:
passwd -d <user>
or when root unlocks an account that has no password.
Could this get included in the /usr/sbin/adduser script as an automation for an empty password (after pressing multiple times Enter when the password is asked)?
Could this get included in the /usr/sbin/adduser script as an automation for an empty password (after pressing multiple times Enter when the password is asked)?
passwd itself is invoked directly in the script, so either passwd would need to be modified or you'd need to check and see if passwd passes a specific exit code if a blank password is specified and add a catch into the adduser script.
passwd itself is invoked directly in the script, so either passwd would need to be modified or you'd need to check and see if passwd passes a specific exit code if a blank password is specified and add a catch into the adduser script.
I wouldn't care about passwd in the helper script /usr/sbin/adduser, but focus on the interaction with the user, its sole purpose for being provided in the first place.
Now with the PAM-ification it wouldn't let you provide an empty password (pressing Enter repeatedly) and you have to either enter one or just kill it:
Quote:
New password:
BAD PASSWORD: No password supplied
Retype new password:
No password supplied
passwd: Authentication token manipulation error
passwd: password unchanged
- Warning: An error occured while setting the password for
this account. Please try again.
New password: Terminated
Unless the adduser script has changed in -current, this looks to be an issue with passwd directly since the script just calls passwd and if it doesn't complete the process properly (an exit code other than 0), then it is supposed to exit the adduser script after displaying a warning.
Code:
# Set a password
$passwd "$LOGIN"
if [ $? -gt 0 ]; then
echo "* WARNING: An error occured while setting the password for"
echo " this account. Please manually investigate this *"
exit 1
fi
Since your error seems to be different than this, it looks to be something built into the passwd binary. If there's no flags to adjust this behavior, then adduser will either need to be changed to reflect this or adduser just won't support adding accounts with blank passwords.
I suppose it is possible for the script to ask if a user is expected to have a blank passwd and then either issue passwd -d on that user or exit and let root do it themselves after. If they answer that the user is expected to have the passwd, then they could run passwd normally. There doesn't seem to be a way to allow scripting of changing the passwd (unless -current's passwd binary is different than 14.2's).
The output is from a recently updated (today) Slackware ARM -current. And my proposal (question) was to fix the adduser script, make it behave like before the PAM-ification. In this PAM context now, just use a condition to catch if the user is pressing Enter multiple times at the Password question and don't call & pass anything to passwd yet, but use "passwd -d <user>" in this case.
Slackware 14.2 - "unPAM-ified" classic behavior of the adduser script.
Code:
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New password:
Bad password: too short.
Warning: weak password (enter it again to use it anyway).
New password:
Re-enter new password:
passwd: password changed.
Account setup complete.
Again, it's a question/proposal/wonder ... whatever. I just noticed this new behavior of the adduser script after PAM-ifying the -current on ARM and recalled that there was a recent discussion in the main Slackware forum (this thread).
I forgot that Pat changed adduser about a year back. When he did, he introduced the possibility of an infinite loop for chfn and passwd in the adduser script. I had suggested an alternative, but it was never taken (maybe missed or felt it wasn't necessary at the time).
Code:
# Set the finger information
$chfn "$LOGIN"
while [ $? -gt 0 ]; do
echo "- Warning: an error occurred while setting finger information."
answer=$(get_input " Would you like to try again? (Y/n) ")"
if [ "$(echo $answer | grep -i "n")" ]; then
break
fi
$chfn "$LOGIN"
done
# Set a password
$passwd "$LOGIN"
while [ $? -gt 0 ]; do
echo "- Warning: An error occurred while setting the password for"
answer=$(get_input " this account. Would you like to try again? (Y/n) ")"
if [ "$(echo $answer | grep -i "n")" ]; then
break
fi
$passwd "$LOGIN"
done
I'll throw this into the Requests for -current thread to see if Pat is interested in adjusting adduser.
Well, thing is, modifying adduser is less invasive (and cleaner) than goofing around with the upstream passwd and the whole PAM orchestration.
I wasn't really suggesting modifying upstream, but instead the adduser portion adding the option. I don't know if it'd be possible to catch the user hitting enter multiple times since the prompt is provided by passwd itself.
I suppose there could also be an option added to allow someone to delete the "password" if passwd isn't ran successfully.
Just had a closer look at the updated (-current) adduser script and learned that it actually calls passwd directly and that passwd doesn't have a non-interactive mode anymore. Thus, no way to read user input and stop if it presses enter, at least not with passwd. chpasswd could be an option. https://stackoverflow.com/questions/...a-shell-script
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.