This was reported to security by Jason Savoie. I have verified this behavior on RHEL3.

Purpose: To disable an account from ssh/telnet/rsh login
Issue: executed the passwd -d <username> command and can still log in as that person with the old password

Hello,

I was testing to see how I can make an account unavailable from normal logins and also from using any ssh publickey authentication (if they had it and we didn't know it unless we log into the account and manually remove it).

So, here is what I did.

# Created a test account on a machine running the following RH release
-bash-2.05b$ uname -a
Linux orange.westernasset.com 2.4.21-15.ELsmp #1 SMP Thu Apr 22 00:09:01 EDT 2004 x86_64 x86_64 x86_64 GNU/Linux
-bash-2.05b$ id
uid=4086(jsavoie) gid=151(ops) groups=151(ops)
-bash-2.05b$ cat /etc/redhat-release
Red Hat Enterprise Linux AS release 3 (Taroon Update 2)

# Created the account
sudo /usr/sbin/useradd -u 6666 test

# Gave it a password
sudo passwd test

# Went to another machine and logged in.
[jsavoie@rancho jsavoie]$ uname -a
Linux rancho.westernasset.com 2.4.21-15.ELsmp #1 SMP Thu Apr 22 00:09:01 EDT 2004 x86_64 x86_64 x86_64 GNU/Linux
[jsavoie@rancho jsavoie]$ ssh test@orange
test@orange's password:
[test@orange test]$

# Went to the test server and removed the password using the passwd -d <username> command
bash-2.05b$ sudo passwd -d test
Removing password for user test.
passwd: Success
-bash-2.05b$ sudo grep test /etc/shadow
test::12825:0:99999:7:::

# Now, login from the other machine
[jsavoie@rancho jsavoie]$ ssh test@orange
test@orange's password:
Permission denied, please try again.
test@orange's password:
[test@orange test]$

(NOTE: the first time above was no passwd, then the old password and it worked!!!)

I did not have nscd running on the machine I tested this on.
No, this is a completely different bug (pam ignores the flag which openssh sends to it when PermitEmptyPasswords is set to no). You can actually enter any non-empty password to log in when the user has a null password.

*** This bug has been marked as a duplicate of 136855 ***
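
An added example, not part of the original report or of any Red Hat tooling: a shell function that reads shadow-format lines and reports each account's password-field state and expiry state, so an empty second field like the `test::12825:0:99999:7:::` entry left by `passwd -d` above is flagged as EMPTY rather than mistaken for a disabled account. The function names, status labels and all sample lines other than the `test` entry are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input; only the "test" line is taken from the report.
sample_shadow() {
cat <<'EOF'
# name:password:lastchg:min:max:warn:inactive:expire:reserved
test::12825:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob:!!$6$constructedsalt$constructedhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol::19000:0:99999:7::1:
broken:line
EOF
}

# classify_shadow [today]: read shadow(5) lines on stdin, print
# "user PASSWORD_STATE ACCOUNT_STATE". "today" is days since 1970-01-01
# (defaults to the current date) and is compared with the expire field.
classify_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        NF < 8 { print $1, "MALFORMED", "-"; next }
        {
            # Field 2: empty means a null password, not a disabled account.
            if ($2 == "")            pw = "EMPTY"
            else if ($2 ~ /^[!*]/)   pw = "LOCKED"
            else                     pw = "HASHED"
            # Field 8: expiry date in days; 0 is ambiguous per shadow(5).
            if ($8 == "")                   acct = "ACTIVE"
            else if ($8 + 0 == 0)           acct = "EXPIRY_ZERO"
            else if ($8 + 0 <= today + 0)   acct = "EXPIRED"
            else                            acct = "ACTIVE"
            print $1, pw, acct
        }'
}

# Stand-alone run over the constructed sample, with a fixed "today".
sample_shadow | classify_shadow 20000
```

On a live system the same function can be fed the real file, for example `sudo cat /etc/shadow | classify_shadow`; any line reported as `EMPTY ACTIVE` is an account whose login depends entirely on how PAM and sshd treat null passwords.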