More secure feature in OpenSolaris is that it will not boot if the password field is empty unless you change the PASSREQ setting as well. I found this one out the hard way but I like it.
motie:/etc/default ->grep PASS * login:# PASSREQ determines if login requires a password. login:PASSREQ=YES passwd:PASSLENGTH=6 Sundar Yamunachari wrote, On 10/28/09 09:58: > Darren J Moffat wrote: >> Sundar Yamunachari wrote: >>> Darren, Gary: >>> >>> We are in the process of removing root password fields from the >>> livecd GUI installation of OpenSolaris. See bug 1436 >>> (http://defect.opensolaris.org/bz/show_bug.cgi?id=1436). As part of >>> the fix, we are forcing the creation of an admin user. In essence >>> the super-user (root) becomes a role. So after a successful >>> installation, the user can login as the administrative user created >>> during the livecd install and can use pfexec successfully. Since we >>> are not asking the root password, what should be the password of root? >> >> It seems to assume that the user created during the install has been >> assigned "Primary Administrator" and that is regarded as a bug it >> shouldn't have been done that way. >> >> http://defect.opensolaris.org/bz/show_bug.cgi?id=4885 >> >>> - If it set to empty password, does it creates a security issue? >> >> Depends on the customers needs. > My concern is that if we set the root password to NULL, the customer > may not know it unless he/she tries to be a super-user. >> >>> - Does it make sense to setup a password for root even though we >>> are not asking the user to create a root password during installation? >> >> How would anyone know what it was then ? > One option is to use the password of the administrative user created > during the installation >> >>> - Does it make sense to force the administrative user to setup a >>> password for root in order to become a super user on the installed >>> system? >> >> I'm not sure we are ready to do this yet I think 4885 needs to be >> resolved first. > Do you suggest holding off fixing 1436 till we get 4885 resolved? > > Thanks, > Sundar > > _______________________________________________ > caiman-discuss mailing list > caiman-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/caiman-discuss -- Les Wood Sun Microsystems Software Integration Engineering Office: 503-820-3834 x40075 ******************************************************************************* PRIVACY & CONFIDENTIALITY NOTICE: The information contained in this e-mail and any attachments is intended for the named recipient(s) only, unless otherwise waived in writing by me. It may contain privileged, proprietary and/or confidential information. If you are not the intended recipient, you must not copy, forward or distribute. If you have received this e-mail in error, please notify me immediately. *******************************************************************************
