From owner-freebsd-security Fri Oct 12 3:10:36 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.nsu.ru (b.ns.ssc.nsu.ru [193.124.215.221]) by hub.freebsd.org (Postfix) with ESMTP id ECEE137B401 for ; Fri, 12 Oct 2001 03:10:30 -0700 (PDT) Received: from iclub.nsu.ru ([193.124.222.66] ident=root) by mail.nsu.ru with esmtp (Exim 3.20 #1) id 15rzGq-00089t-00 for security@freebsd.org; Fri, 12 Oct 2001 17:10:24 +0700 Received: (from fjoe@localhost) by iclub.nsu.ru (8.11.6/8.11.6) id f9CAANB24654 for security@freebsd.org; Fri, 12 Oct 2001 17:10:23 +0700 (NSS) (envelope-from fjoe) Date: Fri, 12 Oct 2001 17:10:22 +0700 From: Max Khon To: security@freebsd.org Subject: [marck@rinet.ru: Re: adduser and passwords] Message-ID: <20011012171022.A24494@iclub.nsu.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org hi, there! Seems like a good idea. I thought just about the same today when I was adding user who will be able to login only using DSA auth. Any objections if I commit this? ----- Forwarded message from Dmitry Morozovsky ----- Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD) From: Dmitry Morozovsky To: William Wong Cc: freebsd-stable@FreeBSD.ORG Subject: Re: adduser and passwords On Fri, 12 Oct 2001, William Wong wrote: [...] Here is quick'n'dirty fix to adduser (this should be done more politely, sure ;-) to put '*' when password is empty to not open your system with passwordless user between adding new user and changing its password. Index: adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.44.2.2 diff -u -r1.44.2.2 adduser.perl --- adduser.perl 2001/07/30 23:56:48 1.44.2.2 +++ adduser.perl 2001/10/12 09:35:23 @@ -710,7 +710,7 @@ if (&new_users_ok) { $new_users_ok = 1; - $cryptpwd = ""; + $cryptpwd = "*"; $cryptpwd = crypt($password, &salt) if $password ne ""; # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" . ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message