Date: Thu, 18 Dec 2003 17:27:43 +0300 From: Sergey 'DoubleF' Zaharchenko <doublef@tele-kom.ru> To: "Rhys John" <elite_bizkit@hotmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: master.passwd -- securing Message-ID: <20031218172743.29c0fa30.doublef@tele-kom.ru> In-Reply-To: <LAW10-F49DmiMzaABwu00044cd3@hotmail.com> References: <LAW10-F49DmiMzaABwu00044cd3@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Signature=_Thu__18_Dec_2003_17_27_43_+0300_0nQP/Qx3H_W3jj7p Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit On Thu, 18 Dec 2003 11:44:14 +0000 "Rhys John" <elite_bizkit@hotmail.com> probably wrote: > Both accounts are now active but i would like to remove the encrypted > password from master.passwd and replace it with a *. Is this possible with > "vipw"? > It doesn't matter what you use for editing your password files (at least for this point). If you have a `*' in your master.passwd, that means that direct console logins for that user are disabled. If you are so much embarassed about root having a password, you may use sudo (from ports) and allow a certain user to "sudo sh" to gain root priveleges, for instance. He (you as a user) will then have to enter his own password, not root's. This way, you exchange a cracker's job of cracking your root password for a job of cracking your user password, so it's not much more secure:). > Thanks for your reply hugle > > >From: hugle <hugle@vkt.lt> > >Reply-To: hugle <hugle@vkt.lt> > >To: freebsd-questions@freebsd.org > >Subject: Re: master.passwd -- securing > >Date: Thu, 18 Dec 2003 03:39:18 -0800 > > > >RJ> Ive been playing with "vipw" trying to change passwords into "*" for a > >RJ> slightly higher level of security but ran into some very big problems. > >RJ> From reading through the FreeBSD handbook it seemed all i had to do was replace > >RJ> the encrypted password with *, which is what i did. I thought it seemed > >RJ> bit odd but continued anyway. Foolishly (although i was quite tired) i did > >RJ> this to both my user account and root. So they both had * as their password > >RJ> and looked the same as every other entry in the file. I saved it and "vipw" > >RJ> updated the database so i thought all was well and logged off to check... > >RJ> big mistake! The net result of this was not good, i couldnt access my user > >RJ> account or root :( Anyway i had to cut the power to my PC since i couldnt > >RJ> shut it down because i was locked out. After that i went into single user > >RJ> mode and changed the passwords back and its working now but i cant hide the > >RJ> passwords. So i guess after all this rambling my question is how to i secure > >RJ> the password file? How do i change from the encrypted password to * without > >RJ> screwing over my system? Any help would by much appreciated > >try doing that: > >#Forget your root pw? > >1. Reboot. when you see the "boot" prompt, type boot -s and hit enter > >2. run this command: fsck -p / && mount -u / > >3. use the `passwd` command to set a password for root > >4. reboot, done > > > >hope that helps.. > > > > > >_______________________________________________ > >freebsd-questions@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >To unsubscribe, send any mail to > >"freebsd-questions-unsubscribe@freebsd.org" > > _________________________________________________________________ > Find a cheaper internet access deal - choose one to suit you. > http://www.msn.co.uk/internetaccess > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- DoubleF Violence is the last refuge of the incompetent. -- Salvor Hardin --Signature=_Thu__18_Dec_2003_17_27_43_+0300_0nQP/Qx3H_W3jj7p Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/4bl1wo7hT/9lVdwRAucUAJ9xUMPqhtddJDdyal1ecEjLTDTfQgCePHb4 z5CsjrENVoKUulU8DwKHrjY= =gigX -----END PGP SIGNATURE----- --Signature=_Thu__18_Dec_2003_17_27_43_+0300_0nQP/Qx3H_W3jj7p--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031218172743.29c0fa30.doublef>