Sunsolaris 컴퓨터에서 루트 사용자의 빈 비밀번호를 비활성화하시겠습니까?

tag-icon tag-icon solaris pam
Sunsolaris 컴퓨터에서 루트 사용자의 빈 비밀번호를 비활성화하시겠습니까?

현재 저는 SunSolaris 시스템을 사용하고 있습니다.

bash-3.00# uname -a
SunOS labxxxx 5.10 Generic_144488-17 sun4u sparc SUNW,Netra-240
bash-3.00#

루트에 대해 빈(공백) 비밀번호를 설정하려고 하면 다음과 같이 할 수 있습니다:

SunOS labxxxx 5.10 Generic_144488-17 sun4u sparc SUNW,Netra-240
bash-3.00# passwd root
New Password:
Re-enter new Password:
passwd: password successfully changed for root
bash-3.00#

Centos Linux 상자에서 동일한 테스트를 반복했는데 루트 사용자에 대해 빈 비밀번호를 설정할 수 없었습니다.

[root@localhost linuxLogs]# uname -a
Linux localhost.localdomain 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux

[root@localhost linuxLogs]# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
Retype new password:
No password supplied
passwd: Authentication token manipulation error

내 질문은 Solaris 시스템에서 빈 암호를 완전히 (전역적으로) 비활성화하는 방법입니다.

다음 링크를 확인했지만 도움이 되지 않았습니다.

http://www.informit.com/articles/article.aspx?p=101163&seqNum=7
https://community.oracle.com/thread/1927039?start=0&tstart=0
http://www.unix.com/solaris/125161-solaris-10-allow-ssh-login-empty-passwd.html
http://docs.oracle.com/cd/E19253-01/816-4863/pam-20/index.html

pam.conf파일을 통해 이를 제어 할 수 있는 방법이 있나요 ?

출력은 다음과 같습니다.

bash-3.00# file $(which passwd)
/usr/bin/passwd:        ELF 32-bit MSB executable SPARC Version 1, dynamically linked, stripped
bash-3.00# truss -t open passwd root
open("/var/ld/ld.config", O_RDONLY)             Err#2 ENOENT
open("/lib/libbsm.so.1", O_RDONLY)              = 3
open("/lib/libpam.so.1", O_RDONLY)              = 3
open("/lib/libnsl.so.1", O_RDONLY)              = 3
open("/usr/lib/passwdutil.so.1", O_RDONLY)      = 3
open("/lib/libc.so.1", O_RDONLY)                = 3
open("/lib/libsocket.so.1", O_RDONLY)           = 3
open("/lib/libmd.so.1", O_RDONLY)               = 3
open("/lib/libsecdb.so.1", O_RDONLY)            = 3
open("/lib/libcmd.so.1", O_RDONLY)              = 3
open("/platform/SUNW,Netra-240/lib/libc_psr.so.1", O_RDONLY) = 3
open("/usr/lib/locale/en_US.ISO8859-1/en_US.ISO8859-1.so.3", O_RDONLY) = 3
open("/etc/pam_debug", O_RDONLY)                Err#2 ENOENT
open("/etc/pam.conf", O_RDONLY)                 = 3
open("/usr/lib/security/pam_passwd_auth.so.1", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_LARGEFILE) = 3
open("/etc/passwd", O_RDONLY|O_LARGEFILE)       = 3
open("/usr/lib/security/pam_dhkeys.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_get.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_check.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_store.so.1", O_RDONLY) = 3
open("/dev/tty", O_RDWR)                        = 3
New Password:     Received signal #20, SIGWINCH, in read() [default]

open("/dev/tty", O_RDWR)                        = 3
Re-enter new Password:
bash-3.00#

답변1

어디 보자 /etc/default/passwd. 라는 지시문이 있습니다 PASSLENGTH. 기본적으로 다음 값이 있으며 6비밀번호를 변경하면 다음이 제공됩니다.

# passwd root
New Password: 
passwd: Password too short - must be at least 6 characters.

또한 내용을 확인 /etc/pam.conf하고 다음 섹션이 있는지 확인하십시오.

#
# passwd command (explicit because of a different authentication module)
#
passwd  auth required           pam_passwd_auth.so.1

그리고

# Password construction requirements apply to all users.
# Remove force_check to have the traditional authorized administrator
# bypass of construction requirements.
other   password requisite      pam_authtok_check.so.1 force_check

자세한 내용은 다음을 참조하세요.man -s 5 pam_authtok_check

바이너리에서 사용되는 파일을 truss확인하는 데 사용되면 다음 출력이 반환됩니다.passwd

#  truss -t open passwd root
open("/var/ld/ld.config", O_RDONLY)             Err#2 ENOENT
open("/lib/libbsm.so.1", O_RDONLY)              = 3
open("/lib/libpam.so.1", O_RDONLY)              = 3
open("/lib/libnsl.so.1", O_RDONLY)              = 3
open("/usr/lib/passwdutil.so.1", O_RDONLY)      = 3
open("/lib/libc.so.1", O_RDONLY)                = 3
open("/lib/libsocket.so.1", O_RDONLY)           = 3
open("/lib/libmd.so.1", O_RDONLY)               = 3
open("/lib/libsecdb.so.1", O_RDONLY)            = 3
open("/lib/libcmd.so.1", O_RDONLY)              = 3
open("/platform/SUNW,SPARC-Enterprise-T5220/lib/libc_psr.so.1", O_RDONLY) = 3
open("/etc/pam_debug", O_RDONLY)                Err#2 ENOENT
open("/etc/pam.conf", O_RDONLY)                 = 3
open("/usr/lib/security/pam_passwd_auth.so.1", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY|O_LARGEFILE) = 3
open("/etc/passwd", O_RDONLY|O_LARGEFILE)       = 3
open("/usr/lib/security/pam_dhkeys.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_get.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_check.so.1", O_RDONLY) = 3
open("/usr/lib/security/pam_authtok_store.so.1", O_RDONLY) = 3
open("/dev/tty", O_RDWR)                        = 3
New Password: 
open("/etc/default/passwd", O_RDONLY)           = 3
open("/etc/shadow", O_RDONLY|O_LARGEFILE)       = 3
open("/etc/security/policy.conf", O_RDONLY)     = 3
passwd: Password too short - must be at least 6 characters.

Please try again
open("/dev/tty", O_RDWR)                        = 3
New Password:     Received signal #2, SIGINT, in read() [caught]

관련 정보