Ticket #454 (new enhancement)
warn that changing root's password on clusters is pointless
Reported by: | geofft | Owned by: | |
---|---|---|---|
Priority: | low | Milestone: | The Distant Future |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
debathena / cluster / andersk 16:21 (Anders Kaseorg) debathena-cluster should change /etc/pam.d/common-password to yell very loudly when you try to change root’s password.
Change History
comment:2 Changed 13 years ago by jdreed
I'm not entirely sure how to do this conditionally (i.e. for only root).
I also don't know why/if we care. Users are welcome to change root's password to whatever they want. There is no legitimate reason to do so, so I'm not sure why we should help them.
comment:3 Changed 13 years ago by geofft
I'm not entirely sure how to do this conditionally (i.e. for only root).
You can do it with pam_succeed_if chaining to pam_echo (look at scripts' PAM configuration, or possibly Debathena's, even), it's not that hard. I can show someone how to abuse PAM if they're interested in doing this.
I also don't know why/if we care. Users are welcome to change root's password to whatever they want. There is no legitimate reason to do so, so I'm not sure why we should help them.
Right, the purpose of this is to warn them that you can't actually successfully privatize a cluster machine by changing the password and assuming that no one else will them be able to use it, or something.