Date:      Wed, 17 Oct 2001 09:00:26 -0700
From:      Fred Condo <fred@condo.chico.ca.us>
To:        Max Khon <fjoe@iclub.nsu.ru>, security@FreeBSD.ORG
Subject:   Re: [marck@rinet.ru: Re: adduser and passwords]
Message-ID:  <562796.1003309226@[192.168.1.10]>
In-Reply-To: <20011012171022.A24494@iclub.nsu.ru>
References:   <20011012171022.A24494@iclub.nsu.ru>

--On Friday 12 October 2001 17:10 +0700 Max Khon <fjoe@iclub.nsu.ru> wrote:

> hi, there!
>
> Seems like a good idea. I thought just about the same today
> when I was adding a user who will be able to log in only using DSA auth.
> Any objections if I commit this?

I don't believe this will work. A locked password is a literal '*', not a 
crypted *. I believe the correct quick and dirty patch should have this:

$cryptpwd = crypt($password, &salt) if $password ne "*";

But the question about 'use passwords?' needs to be elaborated so that the 
sysadmin can choose 'Yes', 'No', or 'Locked password', and the reply has to 
be recorded in the preferences file.

>
> ----- Forwarded message from Dmitry Morozovsky <marck@rinet.ru> -----
>
> Date: Fri, 12 Oct 2001 13:35:44 +0400 (MSD)
> From: Dmitry Morozovsky <marck@rinet.ru>
> To: William Wong <willwong@samurai.com>
> Cc: freebsd-stable@FreeBSD.ORG
> Subject: Re: adduser and passwords
>
> On Fri, 12 Oct 2001, William Wong wrote:
>
> [...]
>
> Here is a quick'n'dirty fix to adduser (this should be done more politely,
> sure ;-) to put '*' when the password is empty, so as not to open your system
> with a passwordless user between adding a new user and changing its password.
>
> Index: adduser.perl
> ===================================================================
> RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v
> retrieving revision 1.44.2.2
> diff -u -r1.44.2.2 adduser.perl
> --- adduser.perl        2001/07/30 23:56:48     1.44.2.2
> +++ adduser.perl        2001/10/12 09:35:
> @@ -710,7 +710,7 @@
>         if (&new_users_ok) {
>             $new_users_ok = 1;
>
> -           $cryptpwd = "";
> +           $cryptpwd = "*";
>             $cryptpwd = crypt($password, &salt) if $password ne "";
>             # obscure perl bug
>             $new_entry = "$name\:" . "$cryptpwd" .
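Review bot: the new default on the `$cryptpwd = "*";` line overloads the empty string, so every empty $password now yields a locked entry and the operator has no way to ask for either outcome explicitly, and nothing in the hunk reports which one was written. Suggest carrying the choice in its own variable or prompt answer (password, none, locked) instead of inferring it from `$password ne ""`, and adding a comment next to the assignment stating that '*' goes into the password field literally and is never passed through crypt().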
>
> ----- End forwarded message -----

-- 
Fred Condo - fred@condo.chico.ca.us
Repeal the DMCA. Stop censoring Felten & Ferguson.
http://www.macfergus.com/niels/
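
Added example, not part of the original message and not code from adduser.perl: a Perl illustration of the three-way choice suggested above (password, none, locked), showing that a locked account stores the literal '*' while running '*' through crypt() produces an ordinary hash that the password '*' would match. The helper names, the mode names and the sample salt are assumptions made for this example, and it assumes the platform's crypt(3) accepts a traditional two-character salt.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from adduser.perl): build the password field of a
# master.passwd entry from an explicit three-way choice.
sub password_field {
    my ($mode, $password, $salt) = @_;
    return '*' if $mode eq 'locked';    # literal '*', never passed to crypt()
    return ''  if $mode eq 'none';      # empty field: passwordless account
    die "unknown mode '$mode'\n" unless $mode eq 'password';
    die "empty password in 'password' mode\n"
        unless defined $password && $password ne '';
    my $hash = crypt($password, $salt);
    die "crypt() rejected the salt\n" unless defined $hash;
    return $hash;
}

# Simplified model of a crypt-based login check: hash the attempt using the
# stored field as the salt and compare the two strings.
sub login_matches {
    my ($attempt, $field) = @_;
    return 1 if $field eq '';           # no password set, nothing to check
    my $hash = crypt($attempt, $field);
    return (defined $hash && $hash eq $field) ? 1 : 0;
}

my $salt    = 'ab';                                   # constructed sample salt
my $locked  = password_field('locked');
my $crypted = password_field('password', '*', $salt); # what crypting '*' gives

for my $case ([ 'literal *', $locked ], [ 'crypted *', $crypted ]) {
    my ($label, $field) = @$case;
    printf "%-10s field=%-14s password '*' accepted: %s\n",
        $label, $field, login_matches('*', $field) ? 'yes' : 'no';
}
```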

