[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Non-existent user able to log in??? hacked????

Jeremy Melanson wrote:

Hi Arnaud.

The first things I'd check are:

* Are the passwd, group, and shadow entries in your "/etc/nsswitch.conf"
configured correctly?

* If you have NIS installed on your machine, issue "/etc/init.d/nis
stop" and "/etc/init.d/portmap stop" commands. Then see if you can still
log in as the 'test' user. If you don't need it, consider uninstalling

* Can you change the password for user 'test' while logged in as root?

* What do your "/etc/pam.d/ssh" and "/etc/pam.d/ftpd" files look like?

Hope this helps :-)


Yep, that helped bigtime... I've shutdown NIS and I'm not able to login as test anymore.

When I start NIS again I am able to logon as test.
ypcat passwd reveals the existance of the test account and also explains why it is mapped against the particular local existent user. ypcat shadow.byname also reveals the password for test.

Question remains why NIS is doing this, or what I am doing wrong. I did setup this server the serve some linux workstations as a test. I guess I underestimated NIS thinking it would just use shadow and passwd from /etc.

this is my nsswitch:
passwd:         compat
group:          compat
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


Reply to: