In looking at my system-auth file, I have the line you are referencing (with likeauth nullok) but I don't have the problem you have; no password does not work for root on my system (or for any other userid, for that matter...) While taking that off may make your problem go away, I don't think it's the solution.... There's something else going on. ---- Robert P. Nix internet: nix.robert@xxxxxxxx Mayo Clinic phone: 507-284-0844 RO-CE-8-857 page: 507-270-1182 200 First St. SW Rochester, MN 55905 ---- "Codito, Ergo Sum" "In theory, theory and practice are the same, but in practice, theory and practice are different." > -----Original Message----- > From: Bill Beeman [SMTP:bbeeman@xxxxxxxxxxxxxxx] > Sent: Friday, January 09, 2004 12:03 AM > To: fedora-list@xxxxxxxxxx > Subject: RE: Blank password works for root > > -----Original Message----- > > From: fedora-list-admin@xxxxxxxxxx > > [mailto:fedora-list-admin@xxxxxxxxxx]On Behalf Of Frank Turscak > > Sent: Thursday, January 08, 2004 9:23 PM > > To: fedora-list@xxxxxxxxxx > > Subject: Re: Blank password works for root > > > > > > Bill Beeman wrote: > > > > >"Bevan C. Bennett" <bevan@xxxxxxxxxxxxxxxx> wrote in message > > >news:3FFE03D5.5030505@xxxxxxxxxxxxxxxxxxx > > > > > > > > >>Bill Beeman wrote: > > >> > > >> > > >>>I just discovered that I can log into my FC1 box as root > > with either the > > >>>root password, or by simply leaving the password blank! > > >>> > > >>>Functions this way from a command line, or in a terminal > > within either > > >>>KDE or Gnome. > > >>> > > >>> > > >>What exactly are you doing to 'log in'? > > >>Is this with 'su' from an existing command line, from the system > > >>console, or with a remote access program like ssh, telnet or rlogin? > > >> > > >>If possible, see if the behavior is consistant between > > using su after > > >>logging in as a non-root user, logging in on console, or > > connecting with > > >>ssh? > > >> > > >>The first place I'd look in this case is in /etc/pam.d/ > > >>See if there are any files named *.rpmnew and if so check out the > > >>differences between them and the originals. Look especially > > to see if > > >>anything has pam_rootok.so listed, and where. > > >> > > >> > > > > > >This is consistent, whether from console, existing command > > line, or ssh from > > >elsewhere, > > >and works whether logging in as root, or by su from another user. In > > >essence, no > > >root security. > > > > > >I've run chkrootkit-0.43, which comes up clean. > > > > > >However, comparing /etc/pam.d/system-auth with > > system-auth.rpmnew, I noticed > > >the line > > > > > >auth sufficient /lib/security/$ISA/pam_unix.so > > likeauth nullok > > > > > >in both. removing "likeauth nullok" seems to solve the > > problem, but leaves > > >the question of how it got that way. System-auth notes that > > it will be > > >regenerated and user changes discarded when authconfig is > > run. I'll play > > >with that a bit, but don't recall running that before. > > Anyone have any ideas > > >what may have generated this? > > > > > >Bill > > > > > > > > >Run "man sudoers". Seems to me something in the file > > "/etc/sudoers" might have gone awry. > > > > > > > > Frank > > > > In /etc/sudoers, the only uncommented line is: > > root ALL=(ALL) ALL > > which looks OK. Running authconfig puts the "likeauth nullok" back into > system-auth, which recreates the problem. Looks like I need to put more > time into the pam man pages. > > Bill > > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
