Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Shadow file entry question



Contents of the password field in /etc/shadow do have an impact; not just any
invalid value will do.

Case in point:  I'd been running a big server farm of RHEL boxes for which
this field was set to "!!" for passwordless role accounts.  When I started
adopting OpenSuSE, I found that I kept getting the following error when
attempting to create a shell session as that user:

system:~ > sudo su -
system:~ # su - role
su: incorrect password
system:~ #

The solution was to set the password string to * instead of !! in /etc/shadow;
pam will then allow a root user to create a shell as the role user's uid. 
(This is necessary for cron jobs et al.)  If I want to disable shell complete,
I set a null shell (/bin/false or the like) in the shell field.

OpenSuSE apparently insists that the password field be set to * if a hash
value is not otherwise set.

-rich









BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org