From owner-freebsd-questions Mon Jul 29 12:21:41 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA16935 for questions-outgoing; Mon, 29 Jul 1996 12:21:41 -0700 (PDT)
Received: from metronet.com (pgilley@fohnix.metronet.com [192.245.137.2]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA16927 for ; Mon, 29 Jul 1996 12:21:38 -0700 (PDT)
Received: from localhost by metronet.com with SMTP id AA17636 (5.67a/IDA1.5hp for ); Mon, 29 Jul 1996 14:22:21 -0500
Date: Mon, 29 Jul 1996 14:22:09 -0500 (CDT)
From: Phil Gilley
To: questions@freebsd.org
Subject: Secure console bug in 2.1.5-RELEASE
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

A few days ago I posted about a problem I thought I was having with
making the console secure under 2.1.5-RELEASE. While I haven't received
any responses, I have verified it is a bug, or at least an undocumented
change since 2.1.0-RELEASE.

How to unintentionally prevent root console logins:

1. Install FreeBSD 2.1.5-RELEASE with DES. (This doesn't happen with
   the standard MD5 stuff.)
2. Assign a password to the root account.
3. Change the console from "secure" to "insecure" in /etc/ttys.
4. Reboot in single-user mode.

After typing in the root password the system reports "init: single-user
login failed" and you will NOT be able to login! You can press ^D to
boot on up to multi-user mode, but if you haven't added a user account
and put that account in the wheel group, root is locked out of the
system.

So my question is, does anyone know what is broken? Or am I doing
something really stupid?

Phil Gilley
pgilley@metronet.com
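
The precondition for the lockout described in this message (console marked "insecure" in /etc/ttys while no account other than root is in the wheel group) can be checked before rebooting. The script below is an added example, not part of the original post: the function names are hypothetical, the ttys and group files are passed as arguments, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: check the lockout preconditions before rebooting to single-user mode.

# Exit 0 if the "console" entry in a ttys(5) file carries the "insecure" flag.
console_is_insecure() {
    awk '{ sub(/#.*/, "") }                      # ignore comments
         $1 == "console" { for (i = 2; i <= NF; i++) if ($i == "insecure") hit = 1 }
         END { exit (hit ? 0 : 1) }' "$1"
}

# Print the members of wheel other than root from a group(5) file, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" { n = split($4, m, ",")
                 for (i = 1; i <= n; i++) if (m[i] != "" && m[i] != "root") print m[i] }' "$1"
}

# check_lockout TTYS GROUP: print a verdict; exit status 1 means root could be locked out.
check_lockout() {
    if ! console_is_insecure "$1"; then
        echo "console is secure: single-user mode gives a root shell without a password"
        return 0
    fi
    if [ -n "$(wheel_members "$2")" ]; then
        echo "console is insecure, fallback accounts in wheel: $(wheel_members "$2" | tr '\n' ' ')"
        return 0
    fi
    echo "RISK: console is insecure and wheel has no member besides root"
    return 1
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf '%s\n' '# name getty type status' 'console none unknown off insecure' \
    'ttyv0 "/usr/libexec/getty Pc" cons25 on secure' > "$demo/ttys"
printf '%s\n' 'wheel:*:0:root' 'daemon:*:1:daemon' > "$demo/group.rootonly"
printf '%s\n' 'wheel:*:0:root,alice' 'daemon:*:1:daemon' > "$demo/group.fallback"

check_lockout "$demo/ttys" "$demo/group.rootonly" || true
check_lockout "$demo/ttys" "$demo/group.fallback"
rm -rf "$demo"
```

On a real system the same check is `check_lockout /etc/ttys /etc/group`, run before step 4.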