Resolution: A null password allows users to log onto a system without having to first supply a valid password string. When users have null passwords, they can press the [Enter] key when prompted for a password and gain access to systems without a password. This poses a significant security risk to the system and to the accountability of actions performed by users.
To disable null passwords, make a backup of the /etc/pam.d/system-auth file, then modify the original by removing nullok from one of the lines.
Back up /etc/pam.d/system-auth:
cp /etc/pam.d/system-auth /etc/pam.d/system-auth.backup
Remove nullok from the following line in /etc/pam.d/system-auth:
auth sufficient /lib/security/pam_unix.so likeauth nullok
After removal, the line should look like:
auth sufficient /lib/security/pam_unix.so likeauth
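The backup-and-edit steps above as a script, an added example rather than code from the original post. It touches only auth lines that load pam_unix.so; the function names and the sample file are constructed for illustration, and the demo runs against a temporary copy, not the live /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example: drop nullok from auth lines that load pam_unix.so, keeping a backup.

# Print how many auth pam_unix.so lines in FILE still carry the nullok option.
count_nullok() {
    grep -E '^[[:space:]]*auth[[:space:]].*pam_unix\.so' "$1" |
        grep -Ec '(^|[[:space:]])nullok([[:space:]]|$)' || true
}

# Copy FILE to FILE.backup, then remove the nullok token from auth
# pam_unix.so lines. Comments, other modules and other types are untouched.
strip_nullok() {
    pam_file=$1
    [ -f "$pam_file" ] || { echo "no such file: $pam_file" >&2; return 2; }
    cp -p "$pam_file" "$pam_file.backup" || return 1
    sed -E '/^[[:space:]]*auth[[:space:]].*pam_unix\.so/s/[[:space:]]+nullok([[:space:]]|$)/\1/g' \
        "$pam_file.backup" > "$pam_file.new" || return 1
    # Write through the existing file so its owner and mode are kept.
    cat "$pam_file.new" > "$pam_file" && rm -f "$pam_file.new"
}

# Constructed sample (not a real system-auth) so the script runs offline.
make_sample() {
    cat > "$1" <<'EOF'
#%PAM-1.0
# nullok is mentioned in this comment and must survive
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/system-auth"
    echo "before: $(count_nullok "$dir/system-auth") auth line(s) with nullok"
    strip_nullok "$dir/system-auth"
    echo "after:  $(count_nullok "$dir/system-auth") auth line(s) with nullok"
    diff "$dir/system-auth.backup" "$dir/system-auth"   # shows the edited line
    rm -rf "$dir"
}
demo
```

Running count_nullok against the real file after the edit confirms that no auth line still permits an empty password.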