
Re: Empty password field for libuuid & Debian-exim - Why not a security risk?



On Thu, Oct 15, 2009 at 10:55:37PM -0400, Dr. Mark A. Friedman wrote:
> Upon installation, Debian includes users libuuid and Debian-exim in
> /etc/shadow with an empty password field:
> 
> libuuid::14292:0:99999:7:::
> Debian-exim::14377:0:99999:7:::
> 
> Although Debian-exim specifies /bin/false as a shell in /etc/passwd to
> eliminate login, libuuid does not:
> 
> libuuid:x:100:101::/var/lib/libuuid:/bin/sh
> Debian-exim:x:103:105::/var/spool/exim4:/bin/false
> 
> Besides which, the use of /bin/false does not eliminate use of an
> account in other ways through ssh, e.g.
> http://www.semicomplete.com/articles/ssh-security/
> 
> 1) What stops one from logging into a Debian machine through libuuid
> or Debian-exim by specifying a blank password?  Or, using ssh through
> one of these users and a blank password?
By default ssh doesn't allow blank/empty passwords.
> 
> 2) For a greater degree of comfort or security, could I change the
> password field to an '*' for these users without causing a problem?
> And, where would I see that problem if it did occur (e.g. exim is not
> installed on my system.)?
> 
> libuuid:*:14292:0:99999:7:::
> Debian-exim:*:14377:0:99999:7:::
> 
> Thanks in advance.
> 
> 

-- 
"The important question is, how many hands have I shaked?"

	- George W. Bush
10/23/1999
on why he hadn't spent more time in New Hampshire, New York Times
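The audit the question is really asking for, as an added example that is not from either poster: a POSIX sh script that flags every account whose /etc/shadow password field is empty, cross-checks its login shell from /etc/passwd, and shows the '*' locking edit the question proposes. The sample shadow and passwd lines are constructed to mirror the ones quoted above; the root/nobody lines and the `report` output format are assumptions, not from the thread.

```shell
#!/bin/sh
# Constructed sample data (not a real system); the libuuid and Debian-exim
# lines are the ones quoted in the question.
SAMPLE_SHADOW='root:$6$constructedhash:14292:0:99999:7:::
libuuid::14292:0:99999:7:::
Debian-exim::14377:0:99999:7:::
nobody:*:14292:0:99999:7:::'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:103:105::/var/spool/exim4:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh'

# empty_password_accounts SHADOW_TEXT -> usernames whose 2nd field is empty,
# i.e. no hash at all (a locked '*' or '!' entry is NOT reported).
empty_password_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# login_shell PASSWD_TEXT USER -> the 7th passwd field for USER
login_shell() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $7 }'
}

# lock_entry SHADOW_LINE -> same line with the password field set to '*',
# the edit proposed in question 2 (field count and other fields unchanged).
lock_entry() {
    printf '%s\n' "$1" | awk -F: 'BEGIN { OFS = ":" } { $2 = "*"; print }'
}

# report SHADOW_TEXT PASSWD_TEXT -> one line per empty-password account,
# distinguishing those whose shell alone blocks interactive login.
report() {
    for u in $(empty_password_accounts "$1"); do
        sh=$(login_shell "$2" "$u")
        case "$sh" in
            /bin/false|/usr/sbin/nologin|/sbin/nologin)
                echo "$u: empty password field, shell $sh (interactive login blocked by shell)" ;;
            *)
                echo "$u: empty password field, shell $sh (WARNING: usable shell)" ;;
        esac
    done
}

report "$SAMPLE_SHADOW" "$SAMPLE_PASSWD"
```

On a live system run `empty_password_accounts "$(cat /etc/shadow)"` as root; to lock an account the supported way rather than editing /etc/shadow by hand, `passwd -l USER` prefixes the password field with '!'.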
