On Thursday 03 April 2008 21:32:05 sindi keesan wrote:
> On Thu, 3 Apr 2008, Rob Landley wrote:
> > On Thursday 03 April 2008 16:13:43 sindi keesan wrote:
> >> I don't know where shadow came from or why it appears not to work.
>
> It came from the original setup, where root and user had blank passwords.
> Apparently the busybox passwd changed the passwords in passwd but not in
> shadow, and dropbear looked at shadow but not at passwd to decide that my
> passwords were blank.  When I boot and log in passwd seems to be
> consulted, not shadow.  Maybe someone would like to patch dropbear to look
> at BOTH files (passwd as well as shadow) before deciding there are blank
> passwords?

It's more that the spec says that _if_ there is a shadow file, the password
should live there.  They only live in /etc/passwd on systems that haven't got
shadow password support.  So your system was in a weird state.  Not really
dropbear's bug.

> I found dropbear at the uclibc site, which I was at because I was
> compiling busybox, so if it is the busybox passwd (or adduser) that is
> leaving shadow unchanged while changing passwd, someone else might end up
> with the same problem as I have.

Busybox has a CONFIG entry for shadow password support or not.  If it's
creating a shadow file when shadow password support is disabled, that's a bug.
(Last time I was involved in busybox was the 1.2.2 release...)

If you're using a version of busybox that's configured not to support shadow
passwords on a system that's configured to use shadow passwords, that's a
problem.

> >> I think I ran the busybox passwd (or adduser?) to assign passwords.
> >>
> >> In another version of this distro, I used a package provided by the
> >> distro to create a user and assign passwords to user and root, and there
> >> is no 'shadow' file there, and dropbear works 'out of the box' (once I
> >> make the rsa key).
> >
> > You used two different passwd programs, one of which supported shadow
> > passwords and one that didn't.  You wound up with /etc in a fairly insane
> > state.
>
> The shadow file was there before I added passwords.  I used one program
> per distro.  Manually removing shadow fixed my problem.
>
> My setup worked until now.  (I am often surprised when things work).

If you were only using the busybox utilities, they sound like they were
configured to ignore /etc/shadow.

> >> This distro is not intended to be highly secure.  It is for older
> >> hardware and to learn on.
> >
> > It doesn't have to be secure it just has to be consistent.
>
> I will mention to others on the list that they need to remove shadow if
> they add passwords to BL 2.

Or they could fix their busybox .config...

> > Linux security is a whole big issue of its own, worthy of at least a
> > semester long undergraduate course.
>
> Probably with some prerequisites.  This is my first and only linux.

Have you read Linux From Scratch yet?

http://www.linuxfromscratch.org/lfs/view/stable/

Then you can read the sequels:

http://www.linuxfromscratch.org/

Rob
-- 
"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.
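
The inconsistent state discussed in this thread (a password hash written to passwd while a shadow file with a blank entry still exists) can be detected with a read-only check. This is an added example, not part of the original message or of busybox or dropbear; the finding codes and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Report accounts whose passwd and shadow entries disagree.
# Finding codes (HASH_IN_PASSWD etc.) are names made up for this example.
check_shadow_consistency() {
    passwd_file=$1
    shadow_file=$2
    # No shadow file: passwd is the only password store, nothing to compare.
    if [ ! -f "$shadow_file" ]; then
        echo "NO_SHADOW_FILE"
        return 0
    fi
    awk -F: '
        /^#/ || NF < 2 { next }
        # First file is shadow: remember each user and its password field.
        FILENAME == ARGV[1] { seen[$1] = 1; shadow[$1] = $2; next }
        # Second file is passwd: compare field 2 against the shadow entry.
        {
            pw = $2
            if (pw == "")
                print "BLANK_IN_PASSWD " $1
            else if (pw != "x" && pw !~ /^[*!]/)
                print "HASH_IN_PASSWD " $1      # hash stored in the wrong file
            if (!($1 in seen)) {
                if (pw == "x") print "NO_SHADOW_ENTRY " $1
            } else if (shadow[$1] == "")
                print "BLANK_IN_SHADOW " $1     # shadow readers see no password
        }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample files reproducing the state described in the thread.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:$1$constructed$0000000000000000000000:0:0:root:/root:/bin/sh
user:x:1000:1000::/home/user:/bin/sh
daemon:*:1:1::/:/bin/false
guest:x:1001:1001::/home/guest:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root::13972:0:99999:7:::
user:$1$constructed$1111111111111111111111:13972:0:99999:7:::
daemon:*:13972:0:99999:7:::
EOF
    check_shadow_consistency "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

On a real system the function would be called as `check_shadow_consistency /etc/passwd /etc/shadow` by a user who can read the shadow file.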
