-----Original Message-----
> From: fedora-list-admin@xxxxxxxxxx
> [mailto:fedora-list-admin@xxxxxxxxxx]On Behalf Of Frank Turscak
> Sent: Thursday, January 08, 2004 9:23 PM
> To: fedora-list@xxxxxxxxxx
> Subject: Re: Blank password works for root
>
>
> Bill Beeman wrote:
>
> >"Bevan C. Bennett" <bevan@xxxxxxxxxxxxxxxx> wrote in message
> >news:3FFE03D5.5030505@xxxxxxxxxxxxxxxxxxx
> >
> >
> >>Bill Beeman wrote:
> >>
> >>
> >>>I just discovered that I can log into my FC1 box as root with either the
> >>>root password, or by simply leaving the password blank!
> >>>
> >>>Functions this way from a command line, or in a terminal within either
> >>>KDE or Gnome.
> >>>
> >>>
> >>What exactly are you doing to 'log in'?
> >>Is this with 'su' from an existing command line, from the system
> >>console, or with a remote access program like ssh, telnet or rlogin?
> >>
> >>If possible, see if the behavior is consistent between using su after
> >>logging in as a non-root user, logging in on console, or connecting with
> >>ssh?
> >>
> >>The first place I'd look in this case is in /etc/pam.d/
> >>See if there are any files named *.rpmnew and if so check out the
> >>differences between them and the originals. Look especially to see if
> >>anything has pam_rootok.so listed, and where.
> >>
> >>
> >
> >This is consistent, whether from console, existing command line, or ssh from
> >elsewhere,
> >and works whether logging in as root, or by su from another user. In
> >essence, no
> >root security.
> >
> >I've run chkrootkit-0.43, which comes up clean.
> >
> >However, comparing /etc/pam.d/system-auth with system-auth.rpmnew, I noticed
> >the line
> >
> >auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> >
> >in both. Removing "likeauth nullok" seems to solve the problem, but leaves
> >the question of how it got that way. System-auth notes that it will be
> >regenerated and user changes discarded when authconfig is run. I'll play
> >with that a bit, but don't recall running that before. Anyone have any ideas
> >what may have generated this?
> >
> >Bill
> >
> >
> >Run "man sudoers". Seems to me something in the file
> "/etc/sudoers" might have gone awry.
>
> Frank
>

In /etc/sudoers, the only uncommented line is:

root ALL=(ALL) ALL

which looks OK.

Running authconfig puts the "likeauth nullok" back into system-auth, which recreates the problem. Looks like I need to put more time into the pam man pages.

Bill
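
An added example, not part of the original message or of any Fedora tool: a small Python audit for the two things this thread looks at in /etc/pam.d, namely `auth` rules that pass `nullok` to `pam_unix.so` (the option that lets an account whose password field is empty authenticate with a blank password) and any `pam_rootok.so` auth rule, cross-checked against accounts with an empty field in /etc/shadow. The function names and the sample file contents are constructed for illustration; only the `pam_unix.so` auth line is taken from the thread.

```python
import sys

# Constructed sample of /etc/pam.d/system-auth; the pam_unix auth line is the one quoted above.
SAMPLE_SYSTEM_AUTH = """\
#%PAM-1.0
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
"""
# Constructed sample of /etc/shadow: root's password field is empty.
SAMPLE_SHADOW = """\
root::12425:0:99999:7:::
bill:$1$CONSTRUCTED$placeholder:12425:0:99999:7:::
daemon:*:12425:0:99999:7:::
"""

def parse_pam(text):
    """Yield (lineno, type, control, module, args) for each PAM rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 3:
            continue  # blank line, comment, or not a rule
        i = 1
        if tok[1].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            while i < len(tok) - 1 and not tok[i].endswith("]"):
                i += 1
        if i + 1 >= len(tok):
            continue
        module = tok[i + 1].rsplit("/", 1)[-1]
        yield lineno, tok[0].lstrip("-"), " ".join(tok[1:i + 1]), module, tok[i + 2:]

def empty_password_accounts(shadow_text):
    """Accounts whose second shadow field is empty (no password set at all)."""
    rows = (line.split(":") for line in shadow_text.splitlines() if ":" in line)
    return [f[0] for f in rows if f[1] == ""]

def blank_login_findings(pam_text, shadow_text):
    """Return (lineno, issue, control, affected_accounts) for risky auth rules."""
    empty, out = empty_password_accounts(shadow_text), []
    for lineno, ptype, control, module, args in parse_pam(pam_text):
        if ptype != "auth":
            continue  # nullok on a 'password' rule does not decide who may log in
        if module == "pam_unix.so" and "nullok" in args:
            out.append((lineno, "pam_unix nullok", control, empty))
        elif module == "pam_rootok.so":
            out.append((lineno, "pam_rootok", control, []))
    return out

if __name__ == "__main__":
    # Usage: script.py /etc/pam.d/system-auth /etc/shadow (falls back to the samples)
    pam, shadow = ((open(p).read() for p in sys.argv[1:3]) if len(sys.argv) == 3
                   else (SAMPLE_SYSTEM_AUTH, SAMPLE_SHADOW))
    for finding in blank_login_findings(pam, shadow):
        print(finding)
```

Reading the real /etc/shadow requires root; a `nullok` finding with an empty account list means the option is set but no account currently has an empty password field.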