Date: Fri, 12 Oct 2001 17:10:22 +0700 From: Max Khon <fjoe@iclub.nsu.ru> To: security@freebsd.org Subject: [marck@rinet.ru: Re: adduser and passwords] Message-ID: <20011012171022.A24494@iclub.nsu.ru>
next in thread | raw e-mail | index | archive | help
hi, there!
Seems like a good idea. I thought just about the same today
when I was adding user who will be able to login only using DSA auth.
Any objections if I commit this?
----- Forwarded message from Dmitry Morozovsky <marck@rinet.ru> -----
Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD)
From: Dmitry Morozovsky <marck@rinet.ru>
To: William Wong <willwong@samurai.com>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: adduser and passwords
On Fri, 12 Oct 2001, William Wong wrote:
[...]
Here is quick'n'dirty fix to adduser (this should be done more politely,
sure ;-) to put '*' when password is empty to not open your system with
passwordless user between adding new user and changing its password.
Index: adduser.perl
===================================================================
RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v
retrieving revision 1.44.2.2
diff -u -r1.44.2.2 adduser.perl
--- adduser.perl 2001/07/30 23:56:48 1.44.2.2
+++ adduser.perl 2001/10/12 09:35:23
@@ -710,7 +710,7 @@
if (&new_users_ok) {
$new_users_ok = 1;
- $cryptpwd = "";
+ $cryptpwd = "*";
$cryptpwd = crypt($password, &salt) if $password ne "";
# obscure perl bug
$new_entry = "$name\:" . "$cryptpwd" .
----- End forwarded message -----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011012171022.A24494>