On Thu, 18 Dec 2003 11:44:14 +0000
"Rhys John" <[EMAIL PROTECTED]> probably wrote:

> Both accounts are now active but i would like to remove the encrypted 
> password from master.passwd and replace it with a *. Is this possible with 
> "vipw"?

It doesn't matter what you use for editing your password files (at least
for this point).

If you have a `*' in your master.passwd, that means that direct console
logins for that user are disabled. If you are so much embarassed about
root having a password, you may use sudo (from ports) and allow a
certain user to "sudo sh" to gain root priveleges, for instance. He (you
as a user) will then have to enter his own password, not root's. This
way, you exchange a cracker's job of cracking your root password for a
job of cracking your user password, so it's not much more secure:).

> Thanks for your reply hugle
> >From: hugle <[EMAIL PROTECTED]>
> >Reply-To: hugle <[EMAIL PROTECTED]>
> >Subject: Re: master.passwd -- securing
> >Date: Thu, 18 Dec 2003 03:39:18 -0800
> >
> >RJ> Ive been playing with "vipw" trying to change passwords into "*" for a
> >RJ> slightly higher level of security but ran into some very big problems. 
> >RJ> From reading through the FreeBSD handbook it seemed all i had to do was replace
> >RJ> the encrypted password with *, which is what i did. I thought it seemed 
> >RJ> bit odd but continued anyway. Foolishly (although i was quite tired) i did
> >RJ> this to both my user account and root. So they both had * as their password
> >RJ> and looked the same as every other entry in the file. I saved it and "vipw"
> >RJ> updated the database so i thought all was well and logged off to check...
> >RJ> big mistake! The net result of this was not good, i couldnt access my user
> >RJ> account or root :( Anyway i had to cut the power to my PC since i couldnt
> >RJ> shut it down because i was locked out. After that i went into single user
> >RJ> mode and changed the passwords back and its working now but i cant hide the
> >RJ> passwords. So i guess after all this rambling my question is how to i secure
> >RJ> the password file? How do i change from the encrypted password to * without
> >RJ> screwing over my system? Any help would by much appreciated

> >try doing that:
> >#Forget your root pw?
> >1. Reboot. when you see the "boot" prompt, type boot -s and hit enter
> >2. run this command: fsck -p / && mount -u /
> >3. use the `passwd` command to set a password for root
> >4. reboot, done
> >
> >hope that helps..
> >
> >
> >_______________________________________________
> >[EMAIL PROTECTED] mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >To unsubscribe, send any mail to 
> _________________________________________________________________
> Find a cheaper internet access deal - choose one to suit you. 
> http://www.msn.co.uk/internetaccess
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Violence is the last refuge of the incompetent.
                -- Salvor Hardin

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to