Subject: Re: PAM vs empty password & rsh
To: Chuck Silvers <>
From: Christos Zoulas <>
List: tech-userlevel
Date: 05/10/2005 13:37:57
On May 10,  9:05am, (Chuck Silvers) wrote:
-- Subject: Re: PAM vs empty password & rsh

| On Tue, May 10, 2005 at 11:05:52AM -0400, Christos Zoulas wrote:
| > In article <>,
| > Chuck Silvers  <> wrote:
| > >in the pre-PAM world, if a user had no password then rshd would allow
| > >any user from any host to execute commands as that user, but the PAMified
| > >rshd doesn't allow this.  what's the best way to get the old behaviour back?
| > 
| > in /etc/pam.d/rsh change the pam_rhosts authentication from required to
| > sufficient.
| that allows anyone in, even if the account has a password.
| I was thinking it would be something more along the lines of
| the "nullok" option that pam_unix has.

So add a line enforcing a password:

# auth
auth	required	no_warn
auth	sufficient	no_warn allow_root
auth	required	no_warn try_first_pass nullok