Shadow file entry question
Rich Braun
richb-RBmg6HWzfGThzJAekONQAQ at public.gmane.org
Fri Nov 19 13:06:57 EST 2010
Contents of the password field in /etc/shadow do have an impact; not just any
invalid value will do.
Case in point: I'd been running a big server farm of RHEL boxes for which
this field was set to "!!" for passwordless role accounts. When I started
adopting OpenSuSE, I found that I kept getting the following error when
attempting to create a shell session as that user:
system:~ > sudo su -
system:~ # su - role
su: incorrect password
system:~ #
The solution was to set the password string to * instead of !! in /etc/shadow;
pam will then allow a root user to create a shell as the role user's uid.
(This is necessary for cron jobs et al.) If I want to disable shell complete,
I set a null shell (/bin/false or the like) in the shell field.
OpenSuSE apparently insists that the password field be set to * if a hash
value is not otherwise set.
-rich
More information about the Discuss
mailing list