michael@fts1.uucp (Michael Richardson) (06/13/90)
I'm having a bit of a problem with /etc/login.
There are a number of logins that should NOT have passwords,
and for which I don't want one prompted for -- i.e. the "sync"
login. Not likely "hold-my-hand" utilities that I don't fully
understand, I usually just edit /etc/passwd and/or /etc/shadow
myself, removing the password field, replacing it with NONE,
or "*".....
I had when configuring UUCP put in an "anonymous" uucp login --- it
has a seperate uid, a different home directory, and an entry in Permissions
letting it read from the uunet tape that it presently online.
I thought I would actually test this yesterday and discovered something
rather interesting -- I got prompted for to set a new password. I thought
that was rather strange, and logged in and starting looking around to
try and figure out what was going on. "telnet localhost" let me login
without a password, and su had no problems.
I'm also sure that I have used the sync login from the system
console and likely also from the vt's...
I looked around /etc for something that might be telling login
what devices to "trust" [SunOS has such a feature, in /etc/ttytype
I think.] My /etc/ttytype just had device->default TERM values.
ttyd0 wasn't among them, so I added it.
No luck.
About this time I decided to RTFM, and discovered some options
to /bin/passwd that I didn't know existed. At first, I thought that
"locking" it meant that it would lock the current password in place,
(disabling that silly password expiration stuff. Reading further lead
to -x -1.)
not lock the account.... I did this to an admin account or two before
realising that that I was wrong. I don't think that replacing the
password with "NONE" is such a good idea, at least not without
putting the old encrypted password somewhere else, in case it needs
to be restored.
So, /bin/passwd couldn't do anything that I didn't already know
about.
As a last resort, I did a strings on /bin/login, which did
reveal /etc/dialups and /etc/d_passwd, but that stuff is for adding
ADDITIONAL passwords, not removing them if I'm not mistaken. (I wonder
where I stuck the info on this stuff? The glories of 10meg ~/News
dirs.)
Whether anonymous uucp logins (without any password) are a good
idea or not is another issue --- what about "bbs", "guest", and
the like?
Is it possible?
--
:!mcr!: | Tellement de lettres, si peu de temps.
Michael Richardson | If Meech passes, no one will understand that.
Play: mcr@julie.UUCP Work: michael@fts1.UUCP Fido: 1:163/109.10 1:163/138
Amiga----^ - Pay attention only to _MY_ opinions. - ^--Amiga--^