topic Re: Null password in Operating System - HP-UX

Null password

Rudi Martin — Thu, 18 Mar 2004 02:34:04 GMT

Hi there people

I need to setup a user who , when loggin in with a certain username , won't need to put in a password , it just takes him directly to a menu.

How do I setup the no password feature ? I can assign a null password where you can only press enter , but I want to take it away.

Thanks

Re: Null password

Karthik S S — Thu, 18 Mar 2004 02:46:54 GMT

edit /etc/passwd and remove the entries in the second field (separated by colons).

Ex:
karthi::101:20::/home/karthi:/sbin/sh

-Karthik S S

Re: Null password

Mark Grant — Thu, 18 Mar 2004 02:56:09 GMT

Well, if the user connects via a serial terminal you might be able to do this by changing the login program for this user to a shell in /etc/inittab. I have never tried this myself though.

If the user connects via telnet I don't know how you would get a different login program running but someone else might.

Your problem is, that you are going to HAVE to hit return.

There is another option for you if the user is on a machine that supoprts "remsh" (rsh on most unixes and possibly rexec on Windows). If the user has a .rhosts file on the target machine in their home directory which contains the machine they a re coming from, they can get a shell without any login interuptions at all.

Re: Null password

Paula J Frazer-Campbell — Thu, 18 Mar 2004 05:31:10 GMT

Hi

An entry in passwd with a nul in the password field is a big security issue.

Is this a real user or just a user being created to carry out a specific task.

If a real user then put a password in his/her login and tell then it is too big a security issue.

Nul entries in the passwd field is one of the first things I look for during a security check.

If a psudo user then look at an alternative way of doing this.

Paula

Re: Null password

Rudi Martin — Thu, 18 Mar 2004 05:46:20 GMT

Hi Paula

It's a pseudo user. What alternatives can you recommend as I'm not too keen on this as well ?

Re: Null password

Paula J Frazer-Campbell — Thu, 18 Mar 2004 13:07:21 GMT

Hi

If a psudo users do you just requre a login to carry out a specific tas?, if so then login with password and task in the users .profile followed by an exit.

It all depend on what the user has to do once logged in.

Paula

Re: Null password

Michael Schulte zur Sur — Thu, 18 Mar 2004 13:24:51 GMT

Hi Rudi,

be aware, that such a user also could do ftp!

greetings,

Michael

Re: Null password

Floyd Curtis — Thu, 18 Mar 2004 13:48:14 GMT

As others have said, you can null out the passwd entry in /etc/passwd but at the end of the line instead of the default shell have the full path name of your program/application. The first part of the app should disable signals to prevent breaks/interrupts during the applications execution. However, IMHO this is a definite security risk because you are bypassing much with no tracability. I would only consider this on a stand alone system with unimportant data unless much time is spend making the app bulletproof.

fwc

Re: Null password

Marvin Strong — Thu, 18 Mar 2004 13:56:04 GMT

Another option may be to just use the menu program as the users shell.
You might need to put the menu program in /etc/shells.

mstrong:passwd:100:20::/home/mstrong:menu

but you should definately require a password of some type.