Re: Non-existent user able to log in??? hacked????
Jeremy Melanson wrote:
The first things I'd check are:
* Are the passwd, group, and shadow entries in your "/etc/nsswitch.conf"
* If you have NIS installed on your machine, issue "/etc/init.d/nis
stop" and "/etc/init.d/portmap stop" commands. Then see if you can still
log in as the 'test' user. If you don't need it, consider uninstalling
* Can you change the password for user 'test' while logged in as root?
* What do your "/etc/pam.d/ssh" and "/etc/pam.d/ftpd" files look like?
Hope this helps :-)
Yep, that helped bigtime... I've shutdown NIS and I'm not able to login
as test anymore.
When I start NIS again I am able to logon as test.
ypcat passwd reveals the existance of the test account and also explains
why it is mapped against the particular local existent user. ypcat
shadow.byname also reveals the password for test.
Question remains why NIS is doing this, or what I am doing wrong. I did
setup this server the serve some linux workstations as a test. I guess I
underestimated NIS thinking it would just use shadow and passwd from /etc.
this is my nsswitch:
hosts: files dns
protocols: db files
services: db files
ethers: db files
rpc: db files