Editing /etc/passwd to disable password not working

Marius Gedminas marius at pov.lt
Thu Mar 1 13:28:33 UTC 2012 

On Thu, Mar 01, 2012 at 05:58:41PM +0530, Santanu Chatterjee wrote:
> On Thu, Mar 1, 2012 at 4:13 PM, Ken Adams <adams.ken.j at gmail.com> wrote:
> > On Thu, 2012-03-01 at 14:56 +0530, Santanu Chatterjee wrote:
> >> Hello Everybody,
> >>
> >> I tried to disable the password of an account on my home ubuntu 11.04
> >> box, by blanking the 2nd field of the corresponding user line in
> >> /etc/passwd and /etc/shadow file. However, whenever I try to login to
> >> the user account I am still being asked for the password and just
> >> pressing 'enter' is not working.
> >>
> >> Is there something else that I should be doing? IIRC, I have tried
> >> this some time back in probably ubuntu 8.10 (or maybe some lower
> >> version) and it used to work.
> >>
> >> Thanks and regards,
> >> Santanu
> >>
> >
> > If you use the following the account will stay in place but be inactive.
> >
> > sudo passwd --lock [LOGIN]
> >
> > If you wish to activate the account again then use...
> >
> > sudo passwd --unlock [LOGIN]
> >
> > This will put activate the account with the original password.
> >
> > man passwd is your friend
> 
> Yes, its as you said. But this seems to be betraying me! Even "passwd
> --delete [LOGIN]" does not render the account passwordless as apparent
> from the manual. The commands you mentioned work, but I could do the
> same thing using "sudo vipw" and "sudo vipw -s" to directly edit the
> passwd and shadow files, and that works.

/etc/shadow should be the only file you need to edit.  (But don't do
that; use passwd --delete.)

> I think there something else in play here. Any ideas?

Having a blank password may not be enough to log in; the PAM module
needs to accept blank passwords too.  The default configuration uses
pam_unix.so with nullok_secure, which means a blank password is only
accepted if the user is trying to login from a terminal listed in
/etc/securetty.

How exactly did you try to log in?  Via GDM?  /etc/securetty
lists :0 so X logins should be allowed, but maybe GDM itself has
an option about this?

I see a curious line in /etc/pam.d/gdm on my 11.04 box:

  auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin

Maybe this means gdm will accept passwordless logins if the user is
added to a 'nopasswdlogin' group?  This is the first time I see such a
group mentioned, though, so maybe I'm misunderstanding something.

Marius Gedminas
-- 
Shift happens.
		-- Doppler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20120301/55241675/attachment.sig>

More information about the ubuntu-users mailing list