Date: Thu, 07 Mar 2013 10:55:18 +0200 From: George Mamalakis <mamalos@eng.auth.gr> To: doc@freebsd.org Subject: Default empty root password should be documented Message-ID: <513855F6.2020209@eng.auth.gr>
next in thread | raw e-mail | index | archive | help
Hi all, Recently on one of my systems I installed a jail from scratch (I usually copy my jails from other machines). Before running it, I checked to see if the password format was the one I was expecting to be with vipw(8) and I saw that the root password was empty. I understand that this is the case with "make installworld" and that it is also the case when installing a system from CLI; it's not the first time I noticed it, and I suppose there is a reason for root's default password to be empty and not starred out -probably to prevent someone from getting locked out from the machine accidentally before setting a root password-. Furthermore, I know that this is documented in jail(8)'s man page, but due to the security risk imposed when someone forgets to set a password for root, I see no reason why a reminder for setting the root password should not be mentioned in the Handbook's jail section as well, with bold fonts or in a warning-box. Thank you all for your time in advance, George Mamalakis.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?513855F6.2020209>