Date: Thu, 30 Jun 2005 15:03:14 GMT From: Wolfgang Lausenbart <u@netbeisser.de> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/82823: no problem, but little addon for /etc/periodic/400.passwdless Message-ID: <200506301503.j5UF3EH0028810@www.freebsd.org> Resent-Message-ID: <200506301510.j5UFA29A089117@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 82823
>Category: misc
>Synopsis: no problem, but little addon for /etc/periodic/400.passwdless
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 30 15:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Wolfgang Lausenbart
>Release: FreeBSD 5.4
>Organization:
netbeisser.de
>Environment:
FreeBSD5.4
>Description:
--- 400.passwdless.backup Wed Jun 29 19:21:24 2005
+++ 400.passwdless Wed Jun 29 19:22:10 2005
@@ -45,4 +45,16 @@
*) rc=0;;
esac
+#exit "$rc"
+
+case "$daily_status_security_passwdless_enable" in
+#this needs to be defined first
+#case "$daily_status_security_pam_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking for weak pam configuration:'
+ grep 'optional' /etc/pam.d/* | grep -v '#' | grep -v README;;
+
+ *) rc=0;;
+esac
+
exit "$rc"
>How-To-Repeat:
Just goto /etc/pam.d/ and replace
"auth required" with "auth optional" a.s.f.
and local users could login without
password. I think it is good style to check
for this.
>Fix:
not critical, but apply if you want.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200506301503.j5UF3EH0028810>