Users without a password?

Caleb Marcus caleb.marcus at gmail.com
Sat Nov 24 06:06:17 UTC 2007


On Fri, 2007-11-23 at 15:00 -0700, Smoot Carl-Mitchell wrote:

> An account with an empty password field in /etc/passwd will authenticate
> without a password.  This allows passwordless accounts for all services,
> so be aware of the security risks associated with this change.  A
> reference for this flag is:
> 
> http://archives.neohapsis.com/archives/pam-list/2005-08/0014.html
> 

What sort of security risks are you talking about? I'm just creating an
unprivileged guest account that can't really do anything on the
system... are there any risks beyond the possibility of someone being
able to get into that account without a password?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20071124/234aea0b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20071124/234aea0b/attachment.sig>


More information about the ubuntu-users mailing list