Date: Fri, 12 Oct 2001 17:10:22 +0700 From: Max Khon <fjoe@iclub.nsu.ru> To: security@freebsd.org Subject: [marck@rinet.ru: Re: adduser and passwords] Message-ID: <20011012171022.A24494@iclub.nsu.ru>
next in thread | raw e-mail | index | archive | help
hi, there! Seems like a good idea. I thought just about the same today when I was adding user who will be able to login only using DSA auth. Any objections if I commit this? ----- Forwarded message from Dmitry Morozovsky <marck@rinet.ru> ----- Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD) From: Dmitry Morozovsky <marck@rinet.ru> To: William Wong <willwong@samurai.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: adduser and passwords On Fri, 12 Oct 2001, William Wong wrote: [...] Here is quick'n'dirty fix to adduser (this should be done more politely, sure ;-) to put '*' when password is empty to not open your system with passwordless user between adding new user and changing its password. Index: adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.44.2.2 diff -u -r1.44.2.2 adduser.perl --- adduser.perl 2001/07/30 23:56:48 1.44.2.2 +++ adduser.perl 2001/10/12 09:35:23 @@ -710,7 +710,7 @@ if (&new_users_ok) { $new_users_ok = 1; - $cryptpwd = ""; + $cryptpwd = "*"; $cryptpwd = crypt($password, &salt) if $password ne ""; # obscure perl bug $new_entry = "$name\:" . "$cryptpwd" . ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011012171022.A24494>