On 09/21/2015 03:02 PM, Matt Brookings wrote:
Hash: SHA1

On 09/21/2015 08:55 AM, Drew Wells wrote:
I think that permitting a null password, if policy does not admit it, is a 
security hole.
Prefer you you add another explicit call to be called for no password checking 
(at all).



This is going to be the patch I use here, does anyone want this patch ?
Wouldn't it actually be easier to remove the password parameter from vadduser() 
and then
vadduser.c can add a user (without a password) and then optionally set a 
password using
vauth_setpw() ?  This is exactly what it should do at the moment for adding a 
user with a crypted
password, the user is added, then the crypted password is set using 
Because vadduser() previously supported an empty password ("\0"), the change to 
check for this and
skip the password strength testing won't be changing its functionality.  The 
password strength check
was not meant to prevent blank passwords, so the fact that it broke the ability 
to set one would be
a bug, and skipping the call to the password strength checker would be a bug 
fix.  vadduser should
not, however, be called with a NULL password.

That was exactly what my original patch on the 15th Sept. did and the patch is attached to my original message. I have not attached my NULL password changes patch. I'll revert the patch I use here to my original one.

While looking at all this I have noticed that vmoduser.c allows the setting of a "clear_text_password" (-C) but does not do any password_strength() testing, is this also a bug ? Lastly, there does not seem to be a way of setting "no password" on an account once it has been created, is this correct ?

Do you have any idea what needs to be done with regard to some of the backends being able to accept a NULL gecos ?


Reply via email to