| 1 |
Hello |
| 2 |
|
| 3 |
I seem to have a serious problem with nis-exported passwd-entries: |
| 4 |
A single "*" in the password section of the passwd file does NOT lock |
| 5 |
the given account! The user can just hit return at the password request |
| 6 |
to log in. This seems to be not the case with local accounts. |
| 7 |
Everything else is working splendid with nis. I do not have the "+"-entry |
| 8 |
in my passwd file since it is not necessary on our other machines (I think |
| 9 |
this is only needed when using 'compat' in nsswitch..?). |
| 10 |
|
| 11 |
This can be cured by using pam_unix.so instead of pam_pwdb.so in |
| 12 |
/etc/pam.d/login. |
| 13 |
Strangely enough /etc/pam.d/sshd uses pam_pwdb.so as well but locks |
| 14 |
out the user... ... actually it does not lock out the user but simply gives a |
| 15 |
blank line after hitting return on the password request and can only be |
| 16 |
stopped by Ctrl-C... |
| 17 |
...and ssh does not use the 'nullok' modification given in /etc/pam.d/sshd |
| 18 |
and locks out users with empty password field as well. |
| 19 |
|
| 20 |
any help on this one? |
| 21 |
|
| 22 |
regards |
| 23 |
|
| 24 |
Tibor Rudas |
Archives