Ethan Quach wrote: > > > Sarah Jelinek wrote: >> Ethan Quach wrote: >>> >>> >>> Sarah Jelinek wrote: >>>> Hi Everyone, >>>> >>>> I tried an AI install in which I set a user name, but no >>>> corresponding password for that user in my ai sc manifest. It >>>> installed and all and rebooted fine. I wasn't able to log in with >>>> that user, with the graphical console anyway, with this >>>> combination(user, no password set). Is this supposed to be an >>>> allowable combination? >>> >>> I'm guessing you weren't able to login as root in this case either? >>> >> No, I couldn't do that either. With a user entry it wouldn't let me >> log in as root. > > What I suspected. There's code downstream that triggers based on > the presence of the login name attribute, and turns root into a role. > > Was a user with an empty password actually created? i.e. what does > /etc/passwd and /etc/shadow have? > I don't know for sure. I rebooted and reinstalled to test another scenario. I will have to look at that. I will try that again. It is my assumption it created the user, because jack/jack didn't work, and I couldn't log in with root. But, I will check. I will have to boot net after the install with this scenario and mount up stuff and check. > >>> I'm thinking we shouldn't create a user at all if a username was >>> provided with no userpass. (with the adequate message in the log) >>> >> Ok. I am going to test this with text console just to see if it works >> there. I am logging info when the user doesn't provide the expected >> data. Previously, we were adding a user without a password if that is >> what the user specified. > > oh really? Maybe that is a supported scenario then (per Shawn's > scenario?) > If this is the case, then shouldn't the user be able to login with a null > password, or does it not work like that? Unless I am looking at the original code incorrectly, it looks like we created the user name entry, and if the password data was null we just put a warning in the log. That was a possibility in the original code path.
I thought the user should be able to login with a null password, but the graphical login wouldn't let me. It kept error'ing out. > > If we keep this scenario, then the code downstream which turns root into > a role should be triggered off the existence of both, a username and a > userpass, not just the username. That code is in > libict::ict_set_user_role() > > Why would we change this based on a user password? It seems to me root should still be a role if the user has entered a user in the sc file, even without a password. Presumably they have a plan for this scenario. If we allow this scenario. sarah **** > -ethan > >
