root@medsys.UUCP (Super user) (09/20/89)
Has anyone been able to make an account on Unix 3.2 with NO password? This is desirable for anonymous BBS login.
karl@ddsw1.MCS.COM (Karl Denninger) (09/21/89)
In article <803@medsys.UUCP> root@medsys.UUCP (Super user) writes: >Has anyone been able to make an account on Unix 3.2 with NO password? >This is desirable for anonymous BBS login. I certainly hope this is possible. If not we're going to be quite a bit less interested in 3.2, as our captive BBS service (free to anyone who calls our data number) won't work without it. -- Karl Denninger (karl@ddsw1.MCS.COM, <well-connected>!ddsw1!karl) Public Access Data Line: [+1 312 566-8911], Voice: [+1 312 566-8910] Macro Computer Solutions, Inc. "Quality Solutions at a Fair Price"
fyl@ssc.UUCP (Phil Hughes) (09/22/89)
In article <803@medsys.UUCP>, root@medsys.UUCP (Super user) writes: > Has anyone been able to make an account on Unix 3.2 with NO password? > This is desirable for anonymous BBS login. I haven't touched SCO Unix 3.2 but I don't see why this would be a problem. Just vi /etc/shadow and do as you want. -- Phil Hughes, SSC, Inc. P.O. Box 55549, Seattle, WA 98155 (206)FOR-UNIX amc-gw!ssc!fyl or uunet!pilchuck!ssc!fyl or attmail!ssc!fyl
Lefty@cup.portal.com (Christopher B Durham) (09/23/89)
Sure, it's possible to create an anonymous UUCP login on SCO UNIX 3.2 When creating the user and the sysadmsh asks you to assign an initila password, hit <RETURN> when it asks you enter and verify the new password. This will set the password to just a CR. However, the system will *always* ask you for a password, even if there isn't one. In these cases, the Systems file or L.sys must look for a Password prompt, and send a return: sys Any ACU 2400 1234567 ogin:--ogin:--ogin: uucp word: \r The \r normally sends a return. There is no way to stop the system from sending out a Password: prompt. -chris durham Lefty@cup.portal.com
palowoda@fiver.UUCP (Bob Palowoda) (09/23/89)
From article <1989Sep21.151325.8827@ddsw1.MCS.COM>, by karl@ddsw1.MCS.COM (Karl Denninger): > In article <803@medsys.UUCP> root@medsys.UUCP (Super user) writes: >>Has anyone been able to make an account on Unix 3.2 with NO password? >>This is desirable for anonymous BBS login. > Try 'passwd -d login_name' ---Bob P.S. An annoying feature of unix 3.2 is password ageing. I don't know if its the same on the C2 version of SCO's unix but to turn it off: 'passwd -x -1 login_name' -- Bob Palowoda packbell!indetech!palowoda *Home of Fiver BBS* login: bbs Home {sun|dasiy}!ys2!fiver!palowoda (415)-623-8809 1200/2400 Work {sun|pyramid|decwrl}!megatest!palowoda (415)-623-8806 2400/9600/19200 TB Voice: (415)-623-7495 Public access UNIX XBBS
jackv@turnkey.gryphon.COM (Jack F. Vogel) (09/24/89)
In article <190@ssc.UUCP> fyl@ssc.UUCP (Phil Hughes) writes: >In article <803@medsys.UUCP>, root@medsys.UUCP (Super user) writes: >> Has anyone been able to make an account on Unix 3.2 with NO password? >> This is desirable for anonymous BBS login. >I haven't touched SCO Unix 3.2 but I don't see why this would >be a problem. Just vi /etc/shadow and do as you want. It is almost this simple, but there is one further change that you must make under 3.2 in order for it to work. I was really confused for a while because I would make the shadow entry for nuucp's passwd empty and I would still get a password prompt even though hitting return would be sufficient. It turns out that there is a little file: /etc/default/login which has a line that by default looks like: PASSREQ=YES; this is what is forcing the prompt. Simply change that to NO and then unpassworded logins work just fine. -- Jack F. Vogel jackv@seas.ucla.edu AIX Technical Support - or - Locus Computing Corp. jackv@ifs.umich.edu
jackv@turnkey.gryphon.COM (Jack F. Vogel) (09/24/89)
In article <22426@cup.portal.com> Lefty@cup.portal.com (Christopher B Durham) writes: > >Sure, it's possible to create an anonymous UUCP login on SCO UNIX 3.2 >There is no way to stop the system from sending out a Password: prompt. See my other posting on this, I believed this statement to be true for some time also, but unless SCO is doing something different that ISC (and I don't believe they are), then this simply is not true, the only problem is that you have PASSREQ=YES in the /etc/default/login file. -- Jack F. Vogel jackv@seas.ucla.edu AIX Technical Support - or - Locus Computing Corp. jackv@ifs.umich.edu
davidsen@crdos1.crd.ge.COM (Wm E Davidsen Jr) (09/25/89)
In article <656@fiver.UUCP>, palowoda@fiver.UUCP (Bob Palowoda) writes: | P.S. An annoying feature of unix 3.2 is password ageing. I don't know | if its the same on the C2 version of SCO's unix but to turn it off: | 'passwd -x -1 login_name' A good tip, but what may be annoying to a hobbiest is a useful secuity feature in some uses. -- bill davidsen (davidsen@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen) "The world is filled with fools. They blindly follow their so-called 'reason' in the face of the church and common sense. Any fool can see that the world is flat!" - anon
rickf@pmafire.UUCP (rick furniss) (09/25/89)
SCO Unix 3.2 dosent use /etc/shadow. SCO 3.2 uses /tcb/files/auth/?/username If you want to try it, take out the passwd (encoded), at this location. SCO unix 3.2 uses a trusted database type system to meet C.2 security standards. I,ve not had time to really mess with it yet, and I,m no expert on the tcb, but SCO unix 3.2 IS a MUCH more secure Unix then I,ve ever seen before. (standard disk-claimer) Rick Furniss 208-526-3185
goer@sophist.uucp (Richard Goerwitz) (09/26/89)
A recent exchange: >| P.S. An annoying feature of unix 3.2 is password ageing. I don't know >| if its the same on the C2 version of SCO's unix but to turn it off: >| 'passwd -x -1 login_name' > > A good tip, but what may be annoying to a hobbiest is a useful secuity >feature in some uses. This comment is indicative of what is, sadly, a widespread fallacy: That anyone who uses a 2-user system without a need for password security is, by implication, a hobbyist. Many of us use personal Xenix systems for serious work, but do all news-reading, mailing, etc. from a different ma- chine. I say this, not out of annoyance at the posting, but out of a wish (naive?) that the Unix world not make the simplistic equation, single or double-user system = (dumb or unimportant) "hobbyist." -Richard L. Goerwitz goer@sophist.uchicago.edu rutgers!oddjob!gide!sophist!goer
davidsen@crdos1.crd.ge.COM (Wm E Davidsen Jr) (09/26/89)
In article <5529@tank.uchicago.edu>, goer@sophist.uucp (Richard Goerwitz) writes: | >He's quoting me, here: | > | > A good tip, but what may be annoying to a hobbiest is a useful secuity | >feature in some uses. | | This comment is indicative of what is, sadly, a widespread fallacy: That | anyone who uses a 2-user system without a need for password security is, | by implication, a hobbyist. Actually I was refering to the spectrum of machines from the "1 user, no external connections" to the public access systems. I was not categorizing any particular machine as one thing or another, just covering the bases on range of use. I use the term hobbyist in the sense of a system used for personal, non-commercial purposes, not as a perjurative in any sense. -- bill davidsen (davidsen@crdos1.crd.GE.COM -or- uunet!crdgw1!crdos1!davidsen) "The world is filled with fools. They blindly follow their so-called 'reason' in the face of the church and common sense. Any fool can see that the world is flat!" - anon
caf@omen.UUCP (Chuck Forsberg) (09/27/89)
PASSREQ=no doesn't work on SCO 3.2, and the word at Forum89 was that it will not be made to work, thanks to C2 requirements. This is not a bug, it's a feature (alebit one I've flamed about more than once).
chip@vector.Dallas.TX.US (Chip Rosenthal) (09/27/89)
In article <830@omen.UUCP> caf@omen.UUCP (Chuck Forsberg) writes: >PASSREQ=no doesn't work on SCO 3.2, and the word at Forum89 was that >it will not be made to work, thanks to C2 requirements. I'd strongly suggest checking out the login program John Haugh posted to alt.sources a little while back. Been running it on 2.3 for many, many months now, and am very happy with it. -- Chip Rosenthal / chip@vector.Dallas.TX.US / Dallas Semiconductor / 214-450-5337 Someday the whole country will be one big "Metroplex" - Zippy's friend Griffy