Bugzilla – Bug 1223436
cannot login without password set
Last modified: 2024-07-19 21:56:12 UTC
After updating a Tumbleweed VM without any password set either on the user account, or on root, it has locked me out — i can login neither from SDDM, nor from the kernel console. The previous update of that machine was about a month ago (after the lzma backdoor rebuild).
My line in /etc/passwd looks like bruno:x:1000:100::/home/bruno:/usr/bin/fish My line in /etc/shadow looks like bruno:U6aMy0wojraho:18956:0:99999:7::: (which is the well-known hash of an empty password)
(In reply to Bruno Pitrus from comment #1) > (which is the well-known hash of an empty password) nullok The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides this default. I bet you did not set the "nullok" option and it only worked due to a bug?
The upstream bug: https://github.com/linux-pam/linux-pam/issues/758
(In reply to Thorsten Kukuk from comment #2) > (In reply to Bruno Pitrus from comment #1) > > > (which is the well-known hash of an empty password) > > nullok > The default action of this module is to not permit the user access > to a service if their official password is blank. The nullok > argument overrides this default. > > I bet you did not set the "nullok" option and it only worked due to a bug? It worked out of the box for many years. I do not remember changing any PAM settings, only /etc/sudoers.
Hi Bruno, is the issue still reproducible now please?
(In reply to Chenzi Cao from comment #5) > Hi Bruno, is the issue still reproducible now please? It's still broken.