Ticket #454 (new enhancement)

Opened 12 years ago

Last modified 10 years ago

warn that changing root's password on clusters is pointless

Reported by: geofft Owned by:
Priority: low Milestone: The Distant Future
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:

Description

debathena / cluster / andersk  16:21  (Anders Kaseorg)
    debathena-cluster should change /etc/pam.d/common-password to yell
    very loudly when you try to change root’s password.

Change History

comment:1 Changed 12 years ago by jdreed

  • Milestone set to The Distant Future

comment:2 Changed 10 years ago by jdreed

I'm not entirely sure how to do this conditionally (i.e. for only root).

I also don't know why/if we care. Users are welcome to change root's password to whatever they want. There is no legitimate reason to do so, so I'm not sure why we should help them.

comment:3 Changed 10 years ago by geofft

I'm not entirely sure how to do this conditionally (i.e. for only root).

You can do it with pam_succeed_if chaining to pam_echo (look at scripts' PAM configuration, or possibly Debathena's, even), it's not that hard. I can show someone how to abuse PAM if they're interested in doing this.

I also don't know why/if we care. Users are welcome to change root's password to whatever they want. There is no legitimate reason to do so, so I'm not sure why we should help them.

Right, the purpose of this is to warn them that you can't actually successfully privatize a cluster machine by changing the password and assuming that no one else will them be able to use it, or something.

comment:4 Changed 10 years ago by kcr

And, to be charitable, tell them that they're confused now, and about to be even more confused if they proceed.

Note: See TracTickets for help on using tickets.