Prevent login to accounts with empty password
Issue
-
Will
nullok
option allow users to login without entering a password?# cat password-auth | grep nullok auth sufficient pam_unix.so nullok password sufficient pam_unix.so sha512 shadow nullok use_authtok
-
How to disallow console login without password?
-
User account without a password is able to login from console, as log message recorded in
/var/log/secure
:login[1671]: pam_unix(login:auth): user [bob] has blank password; authenticated without it login[1671]: pam_unix(login:session): session opened for user bob by LOGIN(uid=0) login[1671]: LOGIN ON tty1 BY bob
-
One of below items is returned by security scanner:
- The system must not have accounts configured with blank or null passwords (V-71937)
- RHEL 8 must not allow blank or null passwords in the system-auth file (V-244540)
- RHEL 8 must not allow blank or null passwords in the password-auth file (V-244541)
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.