Re: passwordless root login

• Previous message: Brian McGroarty: "Re: grip in unstable"
• In reply to: J. Bruce Fields: "Re: passwordless root login"
• Next in thread: Bijan Soleymani: "Re: passwordless root login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 14 Oct 2003 16:59:47 -0400
To: debian-user@lists.debian.org

On Tue, Oct 14, 2003 at 04:02:22PM -0400, J. Bruce Fields wrote:
| On Mon, Oct 13, 2003 at 03:58:41PM -0400, Bijan Soleymani wrote:

| > best way is to:
| > edit /etc/pam.d/login
| > comment out the line
| > #auth required pam_unix.so nullok
| > by placing a "#" at the beginning.
| >
| > Then the login program won't even ask for a password. That's what I use
| > on my console. All other programs like ftp and ssh will still ask for
| > passwords though. Just make sure you don't use telnet as it does use
| > login. If you need to disable passwords for any other program then
| > simply edit its pam file.
|
| Thanks, but with those lines removed I end up with all logins failing
| automatically and no request for a password. This may be something that
| changed sometime between stable and unstable--I used to use a similar
| trick to allow local gdm logins without a password, but that stopped
| working at some point--I think the pam stuff has changed a bit.

pam requires the requested category to be defined. That is, if the
appliation asks pam if the auth is valid, pam will say "no" if auth is
not defined for that service. Use pam_permit.so if you want all auth
credentials to be permitted. (conversely use pam_deny.so if you want
all credentials to be denied) Those two pam modules are extremely
handy for debugging a new setup (eg postfix+sasl) and eliminating one
source of failure.

-D

-- 
"...Deep Hack Mode--that mysterious and frightening state of
consciousness where Mortal Users fear to tread."
(By Matt Welsh)
 
http://dman13.dyndns.org/~dman/

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• application/pgp-signature attachment: stored

• Previous message: Brian McGroarty: "Re: grip in unstable"
• In reply to: J. Bruce Fields: "Re: passwordless root login"
• Next in thread: Bijan Soleymani: "Re: passwordless root login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: STMP Auth Failure ... >LOGIN unless the session is encrypted. ... allowing PLAIN and LOGIN SMTP AUTH is no greater risk ... (Fedora) Re: Defaulting domain w/integrated auth ... for internal - it will auto login since user already logged to ... > Maybe I have other setup issues but if I disable Intergrated auth the my> sharepoint server portals will not build thier search databases issuing> authorization warnings. ... (microsoft.public.inetserver.iis) Re: Exchange 2003 SMTP nicht konform zu RFC? ... >> AUTH LOGIN schreiben. ... die kein Challenge mit Daten benötigt. ... > Methode LOGIN keinen Challenge erfordert? ... Für ein SMTP-AUTH, das "LOGIN" als Authentifizierungsart unterstützt, sollte ... (microsoft.public.de.german.exchange2000.general) Re: Exchange 2003 SMTP nicht konform zu RFC? ... >> AUTH LOGIN schreiben. ... die kein Challenge mit Daten benötigt. ... > Methode LOGIN keinen Challenge erfordert? ... Für ein SMTP-AUTH, das "LOGIN" als Authentifizierungsart unterstützt, sollte ... (microsoft.public.de.german.exchange2000.setup.installation) Re: Exchange 2003 SMTP nicht konform zu RFC? ... >> AUTH LOGIN schreiben. ... die kein Challenge mit Daten benötigt. ... > Methode LOGIN keinen Challenge erfordert? ... Für ein SMTP-AUTH, das "LOGIN" als Authentifizierungsart unterstützt, sollte ... (microsoft.public.de.exchange)