Date: Fri, 26 May 2023 10:35:23 -0700
From: bob prohaska <fbsd@www.zefox.net>
To: freebsd-current@freebsd.org
Cc: bob prohaska <fbsd@www.zefox.net>
Subject: Surprise null root password
Message-ID: <ZHDt21wFlpJfQKEs@www.zefox.net>

While going through normal security email from a Pi2 running -current
I was disturbed to find:

Checking for passwordless accounts:
root::0:0::0:0:Charlie &:/root:/bin/sh

The machine had locked up on a -j4 buildworld since sending the mail,
so it was taken off the net, power cycled and started single-user.

Sure enough, /etc/master.passwd contained a null password for root,
but the last modification to the file was two weeks ago according to
ls -l.

Stranger still, when fsck'd and brought up multi-user, the normal
password was still honored and a null password rejected for both
regular and root account.

AFAIK, /etc/master.passwd is _the_ password repository, but clearly
I'm wrong.

If somebody can tell me what's going on and what to check for before
placing the machine back on line it would be much appreciated.

Thanks for reading,

bob prohaska