Timeline for adduser allows weak password - how to prevent?
Current License: CC BY-SA 4.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 19, 2024 at 13:13 | comment | added | jesse_b | @ilkkachu yeah or root is also capable of modifying the password policy. | |
| Dec 19, 2024 at 12:43 | comment | added | ilkkachu |
Though one might note that if the password is stored locally, root can change it anyway, regardless of what the PAM modules say. E.g. creating the hash with mkpasswd -m sha512crypt and editing it into /etc/shadow should work on a run-of-the-mill Ubuntu system. If the user database is stored in e.g. LDAP, then the server should enforce password checking (if it's enforced locally in PAM, root can likely just contact the LDAP server directly to set the password.)
|
|
| Dec 18, 2024 at 20:08 | history | edited | jesse_b | CC BY-SA 4.0 |
added 19 characters in body
|
| Dec 18, 2024 at 11:31 | history | answered | jesse_b | CC BY-SA 4.0 |