At 7/21/2003 12:45 -0500, you wrote:
> Rodolfo J. Paiz wrote:
> > That is not only wrong, but also very dangerous. You are, in effect, allowing anyone to connect since they do not have to know anything.
> > Please do not recommend this to others.
>
> How so? I just now set up an account on one of my boxes with no password. Now when I try to ssh to the box as that user, and enter no password, I get authentication failed. Also, if I'm logged into the box as a non-root user, and try to su to that account, I enter no password, and get the same thing. Not that I'm doubting that it can be dangerous, I just want to know how it can be exploited, as there are a few accounts which have /bin/bash as their shell, and no password by default (installing mysql from RPM comes to mind).

We may be talking about different things and have gotten misunderstood. Allow me to be more specific: having a blank password is evil, since the user need only hit Enter when prompted and he's into your system. Having no password at all and having logins disabled (i.e. having a * or !! in /etc/shadow) is not a bad thing.



-- Rodolfo J. Paiz [EMAIL PROTECTED]


-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
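
The distinction drawn in the message above (an empty password field versus a locked `*` or `!!` entry in /etc/shadow), as an added example that is not part of the original thread: a shell function that classifies each account's password field. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field (2nd field) of shadow-format lines.

# Constructed sample entries (not from any real system).
sample_shadow() {
    cat <<'EOF'
root:$6$constructedsalt$constructedhash:12000:0:99999:7:::
bin:*:12000:0:99999:7:::
mysql:!!:12000::::::
guest::12000:0:99999:7:::
olduser:!$1$constructed$constructedhash:12000:0:99999:7:::
EOF
}

# Print "<account>: <state>" for every entry in the given file.
classify_shadow() {
    awk -F: '
        NF == 0 || /^#/ { next }                      # skip blank and comment lines
        NF < 2          { print $1 ": MALFORMED"; next }
        $2 == ""        { print $1 ": EMPTY"; next }  # blank password field
        $2 ~ /^[!*]/    { print $1 ": LOCKED"; next } # *, !! or !<hash>: no password matches
                        { print $1 ": HASH" }         # a password hash is set
    ' "$1"
}

# Print only the accounts whose password field is empty.
empty_password_accounts() {
    classify_shadow "$1" | awk -F': ' '$2 == "EMPTY" { print $1 }'
}

# Stand-alone demonstration on the constructed sample.
tmp=$(mktemp)
sample_shadow > "$tmp"
classify_shadow "$tmp"
echo "Accounts with an empty password field: $(empty_password_accounts "$tmp")"
rm -f "$tmp"
```

On a real system, run `classify_shadow /etc/shadow` as root. Whether an empty field is actually accepted also depends on the service, for example sshd's `PermitEmptyPasswords` setting and the `nullok` option of pam_unix.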