- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: RHEL4.8 how to allow a null password
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2009 04:24 AM
тАО07-15-2009 04:24 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2009 05:15 AM
тАО07-15-2009 05:15 AM
Re: RHEL4.8 how to allow a null password
Did you try "nullok" option for pam_unix module?
Goran
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2009 09:18 AM
тАО07-15-2009 09:18 AM
Re: RHEL4.8 how to allow a null password
B0010-> grep -l nullok *
system-auth
xscreensaver
B0010-> cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
thanks for the help
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2009 09:39 AM
тАО07-15-2009 09:39 AM
SolutionLook at the user profiles of bin and some of the daemons in /etc/passwd
Perhaps you could duplicate one of them, change the UID and GID and get something that is never used for login.
Or you can start this product as follows:
/bin/su - c username "command to start daemon"
This would if run by root bypass the OS password.
It would require root access, but an admin or cron can do the job.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2009 09:15 PM
тАО07-15-2009 09:15 PM
Re: RHEL4.8 how to allow a null password
Goran
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-15-2009 10:30 PM
тАО07-15-2009 10:30 PM
Re: RHEL4.8 how to allow a null password
Of course, there is the side effect that you cannot use the same port for normal logins at all: any telnet login is automatically directed to the application instead.
You *could* choose to dedicate telnetd for the use of this COBOL application only, and use SSH or other login methods for system administration. Or you could set up a second copy of telnetd in a custom port: in that case it's your choice whether you put the regular telnet access or the application-customized version to the custom port.
To create a second copy of the telnet service:
1.) Assign a service name for your custom port in /etc/services, for example:
customtelnet 2323/tcp
2.) Copy the telnet service configuration file and edit its service definition to
refer to your custom service name:
cp /etc/xinetd.d/telnet /etc/xinetd.d/customtelnet
edit /etc/xinetd.d/customtelnet to change the "service telnet" line to "service customtelnet"
3.) run "service xinetd restart" or send a HUP signal to the xinetd process.
To make the telnet service start your application (or its startup script, if necessary):
1.) edit the telnet service definition in /etc/xinetd.d (either the standard or custom one, your choice) to add a "server_args" line to the service definition.
For example:
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
server_args = -L /usr/local/bin/your-app-startup-script
log_on_failure += USERID
disable = no
}
(Note: with a quick reading of telnetd man page, it looks like you may have to add the "-a off" option to the server_args line too. I don't have a RHEL4 machine I could use for testing this at the moment, so you'll have to check it yourself.)
(Note 2: changing the "user" line in the xinetd service definition to an application-dedicated userid would probably be more secure than using su in application startup script. But that may require some extra care in setting up the shell environment before starting up the application.)
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-17-2009 05:47 AM
тАО07-17-2009 05:47 AM
Re: RHEL4.8 how to allow a null password
root:x:0:0:root:/root:/bin/ksh
super:x:0:200:root:/tmp:/usr/security/secure
thanks to all
Matt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-17-2009 06:24 AM
тАО07-17-2009 06:24 AM
Re: RHEL4.8 how to allow a null password
Jul 17 09:45:20 B0010 remote(pam_unix)[7842]: authentication failure; logname= u
id=0 euid=0 tty=pts/1 ruser= rhost=mshaffer-laptop.wescodist.com user=super
Jul 17 09:45:22 B0010 login[7842]: FAILED LOGIN 1 FROM mshaffer-laptop.wescodist
.com FOR super, Authentication failure
Jul 17 09:47:47 B0010 remote(pam_unix)[7845]: session opened for user root by (u
id=0)
Jul 17 09:47:47 B0010 -- root[7845]: ROOT LOGIN ON pts/1 FROM mshaffer-laptop.w
escodist.com
Jul 17 09:59:50 B0010 remote(pam_unix)[7845]: session closed for user root