author | Balint Reczey <balint@balintreczey.hu> | 2021-11-07 21:59:50 +0100 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2022-01-22 21:53:25 +0100 |
commit | 600860fd1b21acde3633262cb166a9013ff02139 (patch) | |
tree | 8f10c88a4faa2e17d4ffa38bc73dfebb13a3d7ff /debian | |
parent | 0246ee1e32ebbf1a5256a45ea16362e6a4adb159 (diff) | |
download | shadow-600860fd1b21acde3633262cb166a9013ff02139.tar.gz |
debian/NEWS: Mention new login behaviour regarding empty password field
Also set PREVENT_NO_AUTH in shipped login.defs accordingly.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/NEWS | 10 | ||||
-rw-r--r-- | debian/login.defs | 8 |
2 files changed, 18 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS index 4e0999ae..f30f6ab7 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,13 @@ +shadow (1:4.9-1) UNRELEASED; urgency=medium + + Login now prevents an empty password field to be interpreted as + "no authentication required" for UID 0 (root account). + The historical default of letting all users with empty password field + in without authentication can be restored in /etc/login.defs setting + PREVENT_NO_AUTH to "no". + + -- Balint Reczey <balint@balintreczey.hu> Sun, 07 Nov 2021 21:51:46 +0100 + shadow (1:4.7-1) unstable; urgency=medium * /etc/securetty is no longer shipped by this package and it is no longer diff --git a/debian/login.defs b/debian/login.defs index 28ba638d..6c02b6fc 100644 --- a/debian/login.defs +++ b/debian/login.defs @@ -321,6 +321,14 @@ NONEXISTENT /nonexistent # #GRANT_AUX_GROUP_SUBIDS yes +# +# Prevents an empty password field to be interpreted as "no authentication +# required". +# Set to "yes" to prevent for all accounts +# Set to "superuser" to prevent for UID 0 / root (default) +# Set to "no" to not prevent for any account (dangerous, historical default) +PREVENT_NO_AUTH superuser + ################# OBSOLETED BY PAM ############## # # # These options are now handled by PAM. Please # |
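Review bot: In the new 1:4.9-1 entry of debian/NEWS, the text names only "Login" and only the UID 0 default, so an administrator reading it cannot tell whether other programs that read /etc/login.defs are affected, or that a stricter "yes" value exists for all accounts. Suggest naming the affected programs and listing the three values (yes, superuser, no) the same way the login.defs comment does. Wording: "prevents an empty password field to be interpreted" should read "prevents an empty password field from being interpreted", and the last sentence is clearer as: can be restored by setting PREVENT_NO_AUTH to "no" in /etc/login.defs.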
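Review bot: In the PREVENT_NO_AUTH comment block added to debian/login.defs, the text marks "superuser" as the default but does not say what happens when the option is absent or holds an unrecognised value. That matters for administrators who keep a locally modified login.defs across the upgrade and so never get this line; please state the fallback explicitly in the comment. The block also goes straight from the last "# Set to ..." line to the setting, while the entry just above puts a bare "#" line before "#GRANT_AUX_GROUP_SUBIDS yes", and it sits directly above the "OBSOLETED BY PAM" banner, so a short remark that this option is still honoured would avoid confusion. The same "to be interpreted" wording as in NEWS should become "from being interpreted".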