Editing /etc/passwd to disable password not working
marius at pov.lt
Thu Mar 1 13:28:33 UTC 2012
On Thu, Mar 01, 2012 at 05:58:41PM +0530, Santanu Chatterjee wrote:
> On Thu, Mar 1, 2012 at 4:13 PM, Ken Adams <adams.ken.j at gmail.com> wrote:
> > On Thu, 2012-03-01 at 14:56 +0530, Santanu Chatterjee wrote:
> >> Hello Everybody,
> >> I tried to disable the password of an account on my home ubuntu 11.04
> >> box, by blanking the 2nd field of the corresponding user line in
> >> /etc/passwd and /etc/shadow file. However, whenever I try to login to
> >> the user account I am still being asked for the password and just
> >> pressing 'enter' is not working.
> >> Is there something else that I should be doing? IIRC, I have tried
> >> this some time back in probably ubuntu 8.10 (or maybe some lower
> >> version) and it used to work.
> >> Thanks and regards,
> >> Santanu
> > If you use the following the account will stay in place but be inactive.
> > sudo passwd --lock [LOGIN]
> > If you wish to activate the account again then use...
> > sudo passwd --unlock [LOGIN]
> > This will put activate the account with the original password.
> > man passwd is your friend
> Yes, its as you said. But this seems to be betraying me! Even "passwd
> --delete [LOGIN]" does not render the account passwordless as apparent
> from the manual. The commands you mentioned work, but I could do the
> same thing using "sudo vipw" and "sudo vipw -s" to directly edit the
> passwd and shadow files, and that works.
/etc/shadow should be the only file you need to edit. (But don't do
that; use passwd --delete.)
> I think there something else in play here. Any ideas?
Having a blank password may not be enough to log in; the PAM module
needs to accept blank passwords too. The default configuration uses
pam_unix.so with nullok_secure, which means a blank password is only
accepted if the user is trying to login from a terminal listed in
How exactly did you try to log in? Via GDM? /etc/securetty
lists :0 so X logins should be allowed, but maybe GDM itself has
an option about this?
I see a curious line in /etc/pam.d/gdm on my 11.04 box:
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
Maybe this means gdm will accept passwordless logins if the user is
added to a 'nopasswdlogin' group? This is the first time I see such a
group mentioned, though, so maybe I'm misunderstanding something.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 190 bytes
Desc: Digital signature
More information about the ubuntu-users