> -----Original Message----- > From: fedora-list-admin@xxxxxxxxxx > Bevan C. Bennett wrote: > Subject: Re: Blank password works for root > > > Bill Beeman wrote: > > > > auth required /lib/security/$ISA/pam_env.so > > auth sufficient /lib/security/$ISA/pam_unix.so > likeauth nullok > > auth sufficient /lib/security/$ISA/pam_smb_auth.so > > use_first_pass nolocal > > auth required /lib/security/$ISA/pam_deny.so > > > > account required /lib/security/$ISA/pam_unix.so > > > > password required /lib/security/$ISA/pam_cracklib.so retry=3 > > type= > > password sufficient /lib/security/$ISA/pam_unix.so nullok > > use_authtok shadow > > password required /lib/security/$ISA/pam_deny.so > > > > session required /lib/security/$ISA/pam_limits.so > > session required /lib/security/$ISA/pam_unix.so > > > > and the (obfuscated) root entry from /etc/shadow: > > root:xxxxxxxxxxx:12426:0:99999:7::: > > > > Hope this helps.. > > Yeah! Now we're getting somewhere... > Here's some things to try: > > * Make double sure that root's /etc/passwd entry has '*' for the > password field. > What actually shows is "x" in the password field..consistently (all entries) > * try resetting root's password by running 'passwd' and > re-entering it. > Done...no change.] > * find out where pam_smb_auth comes from, with perhaps > "rpm -qf /lib/security/pam_smb_auth.so". I don't see that > module in the > Fedora Core samba RPMs... > > samba-3.0.0-15 has /lib/security/pam_smbpass.so > samba-common-3.0.0-15 has /lib/security/pam_winbind.so > Comes from pam_smb-1.1.7-2 > * What changes if you remove the pam_smb_auth line? Do you still have > null access? Do you still have access using the password? > Commenting out the pam_smb_auth line fixes the immediate problem. No null access, and can log in with the root password. So perhaps somewhere in the Samba system? I'm a relative newbie here and don't quite know where to look next. The offending machine is an upgrade from RH9. The samba server is still an RH9 box, and is running Samba 2.2.8a. I really appreciate the help. Bill