passwd -d, dialups and anonymous UUCP.

Michael Richardson michael at fts1.uucp
Wed Jun 13 04:04:29 AEST 1990


  I'm having a bit of a problem with /etc/login.

  There are a number of logins that should NOT have passwords,
and for which I don't want one prompted for -- i.e. the "sync"
login. Not likely "hold-my-hand" utilities that I don't fully
understand, I usually just edit /etc/passwd and/or /etc/shadow
myself, removing the password field, replacing it with NONE,
or "*".....

  I had when configuring UUCP put in an "anonymous" uucp login --- it
has a seperate uid, a different home directory, and an entry in Permissions
letting it read from the uunet tape that it presently online.

  I thought I would actually test this yesterday and discovered something
rather interesting -- I got prompted for to set a new password. I thought
that was rather strange, and logged in and starting looking around to
try and figure out what was going on. "telnet localhost" let me login
without a password, and su had no problems. 
  I'm also sure that I have used the sync login from the system 
console and likely also from the vt's... 

  I looked around /etc for something that might be telling login
what devices to "trust" [SunOS has such a feature, in /etc/ttytype
I think.]  My /etc/ttytype just had device->default TERM values.
ttyd0 wasn't among them, so I added it. 
  No luck.

  About this time I decided to RTFM, and discovered some options
to /bin/passwd that I didn't know existed. At first, I thought that 
"locking" it meant that it would lock the current password in place,
(disabling that silly password expiration stuff. Reading further lead
to -x -1.)
not lock the account.... I did this to an admin account or two before
realising that that I was wrong. I don't think that replacing the
password with "NONE" is such a good idea, at least not without 
putting the old encrypted password somewhere else, in case it needs
to be restored. 
  So, /bin/passwd couldn't do anything that I didn't already know
about.
  As a last resort, I did a strings on /bin/login, which did
reveal /etc/dialups and /etc/d_passwd, but that stuff is for adding
ADDITIONAL passwords, not removing them if I'm not mistaken. (I wonder
where I stuck the info on this stuff? The glories of 10meg ~/News 
dirs.)

  Whether anonymous uucp logins (without any password) are a good
idea or not is another issue --- what about "bbs", "guest", and 
the like? 
  Is it possible?

-- 
   :!mcr!:               | Tellement de lettres, si peu de temps.
   Michael Richardson    |  If Meech passes, no one will understand that.
 Play: mcr at julie.UUCP Work: michael at fts1.UUCP Fido: 1:163/109.10 1:163/138
    Amiga----^     - Pay attention only to _MY_ opinions. -   ^--Amiga--^



More information about the Comp.unix.i386 mailing list