[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] Making shadow passwords compulsory
Suse's "passwd" utility has a bit of undesired behaviour.
Most of my users don't have entries in shadow,
they depend on pam_krb5 for authentication.
So /etc/shadow is very short,
it only has lines for root and a few sysadmins.
I want for everyone else (system accounts like FTP and regular users)
to be denied even the possibility of a locally stored password.
Now in the past (under solaris) passwd would grumble and fail
unless that username already had a line present in shadow.
THIS passwd just bungs the encrypted string into /etc/passwd! Argh!
Nobody ever wants to go back to un-shadowed passwords.
How can I turn off this unwantedly obliging behaviour?
Michael James michael.james@xxxxxxxx
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here