A disabled empty root password (ie '*' in /etc/shadow) works fine. Eg,
using the below 'test.sh' script:
#!/bin/sh -e
for i in nullok nonull ; do
echo -n "$i: "
if printf '!\0' | unix_chkpwd root $i ; then
echo "matched"
else
echo "did not match"
fi
done
$ sudo head -1 /etc/shadow
root:*:14215:0:99999:7:::
$ sudo ./test.sh
nullok: did not match
nonull: did not match
What will match with nullok but not nonull is an enabled empty root password:
$ sudo head -1 /etc/shadow
root::14215:0:99999:7:::
Of course, an enabled empty root password allows passwordless root login
via ssh and the console which is not at all needed for ssh keys logins.
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
