From: Golden_Eternity (bhodi_jabir_at_yahoo.com)
Date: Fri Dec 20 2002 - 16:04:30 CST
> I don't know why RH does this. But having a valid shell in /etc/passwd
> is not sufficient for an attacker. The account also must have a valid
> password in /etc/shadow (or wherever your OS keeps them). Usually the
> role-accounts look somewhat like this:
<snip>
> The "*" or some other symbol like "!" means that this is not a valid
> password and so nobody can enter a correct password for this account.
> Phil
In July 2001, there was an ssh issue that affected user accounts with !!
in their password field. This issue wouldn't have been quite as big a
risk for Red Hat systems, if they had set the shells for these accounts
to be /bin/false or something similar.
So, this isn't an issue in and of itself, but by changing the shells, we
could help mitigate the effect of other potential security issues.
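
An added example, not part of the original post: a Python check that reads passwd- and shadow-format text and lists accounts whose password field is locked ("*", "!", "!!") but whose shell is still a login shell, the combination the message above suggests changing. The sample entries, the function names and the NOLOGIN_SHELLS set are constructed assumptions.

```python
# Assumption: shells treated as non-interactive; adjust for your distribution.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample data in passwd(5) and shadow(5) layout (not real hashes).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/sh
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/bin/false
news:x:9:13:news:/var/spool/news:
alice:x:500:500:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$constructed$notarealhashvalue000000:11900:0:99999:7:::
bin:*:11900:0:99999:7:::
daemon:*:11900:0:99999:7:::
lp:!!:11900:0:99999:7:::
news:!!:11900:0:99999:7:::
alice:$1$constructed$notarealhashvalue111111:11900:0:99999:7:::
"""

def is_locked(pw_field):
    """True when no typed password can match the shadow field."""
    # Covers "*", "!", "!!" and hashes disabled with a leading "!".
    # An empty field is NOT locked: it means no password is required.
    return pw_field.startswith(("!", "*"))

def parse(text, min_fields):
    """Map account name -> list of colon-separated fields."""
    rows = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= min_fields and not parts[0].startswith("#"):
            rows[parts[0]] = parts
    return rows

def locked_with_login_shell(passwd_text, shadow_text):
    """Accounts with a locked password that still have a login shell."""
    shadow = parse(shadow_text, 2)
    findings = []
    for name, fields in parse(passwd_text, 7).items():
        shell = fields[6] or "/bin/sh"  # empty shell field defaults to /bin/sh
        entry = shadow.get(name)
        if entry and is_locked(entry[1]) and shell not in NOLOGIN_SHELLS:
            findings.append((name, shell))
    return findings

if __name__ == "__main__":
    for name, shell in locked_with_login_shell(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name}: password locked but shell is {shell}")
```

To audit a live system, pass the contents of /etc/passwd and /etc/shadow (readable by root) instead of the sample strings.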