Linux or UNIX disable null passwords
Q. How do I disable logins for users with null passwords?
A. PAM (Pluggable Authentication Modules) is used by both UNIX-like operating systems (Solaris/BSD/AIX/HP-UX) and Linux to configure authentication-related services.
A null password allows a user to log on to a system without having to supply a valid password. This is a security risk to the system. In case you are wondering how a null password gets set up, it can be done with the usermod command as follows:
# usermod -p "" username
The PAM configuration option that enables null passwords is the nullok module argument passed to the pam_unix.so PAM module. You'll want to remove this argument from any modules of auth type for services that allow login.
Debian Linux
Debian Linux uses the following two files:
- /etc/pam.d/common-auth: authentication settings common to all services
- /etc/pam.d/common-password: password-related modules common to all services
Caution: before modifying the PAM config files mentioned below, make a backup of each file using the cp command.
a) Open /etc/pam.d/common-auth:
# cp /etc/pam.d/common-auth /etc/pam.d/common-auth.ORI
# vi /etc/pam.d/common-auth
Find the line that reads as follows:
password required pam_unix.so nullok obscure min=4 max=8 md5
Remove nullok from the above line so that it reads as follows:
password required pam_unix.so obscure min=4 max=8 md5
b) Save the file and exit to the shell prompt. Open the file /etc/pam.d/common-password:
# cp /etc/pam.d/common-password /etc/pam.d/common-password.ORI
# vi /etc/pam.d/common-password
Find the line that reads as follows:
auth required pam_unix.so nullok_secure
Remove nullok_secure from the above line so that it reads as follows:
auth required pam_unix.so
Save the file and exit to the shell prompt. Now no one will be able to log in using a null password.
Red Hat / Fedora Linux
You need to modify a single file, /etc/pam.d/system-auth:
# cp /etc/pam.d/system-auth /etc/pam.d/system-auth.ORI
# vi /etc/pam.d/system-auth
Find the line that reads as follows:
auth sufficient /lib/security/pam_unix.so likeauth nullok
Remove nullok from the above line so that it reads as follows:
auth sufficient /lib/security/pam_unix.so likeauth
Save the file.
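As an added example (not part of the original article), the following POSIX shell functions generalize the manual edits above to any PAM directory: find_nullok lists active pam_unix.so lines that still carry nullok or nullok_secure, and strip_nullok removes the argument after making the same .ORI backup. The function names and the sample files are constructed for illustration, and the code assumes one rule per line with no backslash continuations.

```shell
#!/bin/sh
# Added example: audit PAM files for pam_unix.so lines that still carry
# nullok / nullok_secure, then strip the argument after taking a .ORI backup.

# Print "file:lineno:line" for each active pam_unix.so line with nullok*.
find_nullok() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.ORI) continue ;; esac    # skip backups
        awk -v file="$f" '
            /^[ \t]*#/ { next }               # ignore commented-out lines
            /pam_unix\.so/ {
                for (i = 1; i <= NF; i++)
                    if ($i == "nullok" || $i == "nullok_secure") {
                        print file ":" NR ":" $0
                        break
                    }
            }' "$f"
    done
}

# Back up FILE to FILE.ORI (kept if it already exists), then drop nullok*
# from active pam_unix.so lines only; every other line is copied unchanged.
strip_nullok() {
    file=$1
    [ -e "$file.ORI" ] || cp -p "$file" "$file.ORI"
    tmp=$(mktemp)
    awk '
        /^[ \t]*#/ || !/pam_unix\.so/ { print; next }
        {
            out = ""; hit = 0
            for (i = 1; i <= NF; i++)
                if ($i == "nullok" || $i == "nullok_secure") hit = 1
                else out = out (out == "" ? "" : " ") $i
            print (hit ? out : $0)
        }' "$file" > "$tmp"
    cat "$tmp" > "$file"                      # keeps owner and mode of FILE
    rm -f "$tmp"
}

# Demo on constructed sample files in a temp directory (not a live /etc/pam.d).
demo=$(mktemp -d)
echo 'auth required pam_unix.so nullok_secure' > "$demo/svc-one"
echo '# auth sufficient pam_unix.so nullok' > "$demo/svc-two"
echo 'auth sufficient /lib/security/pam_unix.so likeauth nullok' >> "$demo/svc-two"
find_nullok "$demo"
strip_nullok "$demo/svc-one"
cat "$demo/svc-one"
rm -rf "$demo"
```

Run find_nullok against /etc/pam.d first and review its output before calling strip_nullok on a live file as root; keep a root shell open until a fresh login has been tested.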
See also:
- Official Linux PAM documentation
- Linux set default password expiry for all new users
- Please consult the man pages of usermod and passwd