On Thursday 03 April 2008 10:38:25 sindi keesan wrote: > If I apply your patch will it allow logins without password? > > I am being told > user 'user' has blank password, rejected (ditto for root) > > My little linux came with no passwords (just hit Enter to log in as root) > and I added them (probably with busybox passwd). It is a bare-bones > distro and maybe dropbear is looking for some file which is not there. > > I have real passwords for root and user in /etc/passwd. I also have root > and user listed in /etc/shadow. (I think our linux came without shadow > but adduser added it).
If you have /etc/shadow, then dropbear will look for passwords out of there rather than looking for them in /etc/passwd. (Why do you even have an /etc/shadow file and then define the passwords in /etc/passwd? That's kind of backwards... The point of /etc/shadow is to store passwords somewhere that _isn't_ world readable. That's the entire reason the file exists, to take passwords out of /etc/passwd and put them in to a file normal users can't read, because modern laptops can break most hashed 6-8 char password in a few hours if they have the hash to test against...) Rob -- "One of my most productive days was throwing away 1000 lines of code." - Ken Thompson.
